You create a remote app access client to integrate NSX-T Data Center with Workspace ONE Access. You use the certificate thumbprint, client ID, and shared secret to register NSX-T Data Center as a trusted consumer of the Workspace ONE Access identity and authentication services.

Procedure

  1. In a Web browser, log in to the region-specific Workspace ONE Access instance in Region A by using the administration interface.
    Setting      Value
    URL          https://sfo-wsa01.sfo.rainpole.io/admin
    User name    admin
    Password     region_a_wsa_admin_password
    Domain       System Domain
  2. On the main navigation bar, from the Catalog drop-down menu, select Settings.
  3. In the left pane, click Remote app access.
  4. Click Clients and click Create client.
  5. In the Create client dialog box, configure the settings, and click Add.

    Setting                             Value
    Access type                         Service Client Token
    Client ID                           sfo-w01-nsx01-oauth
    Scope                               admin
    Shared secret                       Generate and save a shared secret
    Issue Refresh Token                 Selected
    Token type                          Bearer
    Access Token Time-To-Live (TTL)     8 hours
    Refresh Token Time-To-Live (TTL)    1 month
    Idle Token Time-to-Live (TTL)       4 days

  6. In a Web browser, log in to the workload domain NSX-T administration interface.

    Setting      Value
    URL          https://sfo-w01-nsx01.sfo.rainpole.io
    User name    admin
    Password     nsx_admin_password

  7. Configure the integration between NSX-T Data Center and Workspace ONE Access.
    1. On the main navigation bar, click System.
    2. In the left pane, click Users and roles, click the VMware Identity Manager tab, and click Edit.

      The Edit VMware Identity Manager configuration dialog box opens.

    3. In the Edit VMware Identity Manager configuration dialog box, configure the settings and click Save.

      Setting                                Value
      Integration VMware Identity Manager    Enabled
      VMware Identity Manager Appliance      sfo-wsa01.sfo.rainpole.io
      OAuth Client ID                        sfo-w01-nsx01-oauth
      OAuth Client Secret                    Previously generated shared secret
      SSL Thumbprint                         SHA-256 Thumbprint
      NSX Appliance                          sfo-w01-nsx01.sfo.rainpole.io

      Important: To log in with a local account in NSX-T Data Center after you configure Workspace ONE Access as an identity provider, you must append /login.jsp?local=true to the NSX-T Manager URL.
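
The SSL Thumbprint setting in step 7 pins the Workspace ONE Access certificate, so the value entered should be checked against a reference obtained out of band rather than only copied from what the network returns. The following is an added example, not part of the original procedure: it computes the SHA-256 thumbprint of a PEM certificate and compares it with a reference value. The function names are hypothetical, and the embedded sample is constructed placeholder bytes, not a real certificate.

```python
import base64
import hashlib
import hmac
import ssl

# Constructed stand-in so the example runs offline: arbitrary bytes wrapped
# in PEM armor. This is NOT a real X.509 certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")


def thumbprint_from_pem(pem: str) -> str:
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(thumbprint: str) -> str:
    """Drop separators and case so copies from different tools compare equal."""
    cleaned = "".join(c for c in thumbprint if c not in ": -\t\r\n").upper()
    if len(cleaned) != 64 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("not a SHA-256 thumbprint")
    return cleaned


def matches_reference(pem: str, reference: str) -> bool:
    """True only if the certificate hashes to the out-of-band reference."""
    return hmac.compare_digest(normalize(thumbprint_from_pem(pem)),
                               normalize(reference))


def fetch_pem(host: str, port: int = 443) -> str:
    """Fetch the certificate a host presents. The connection is not
    authenticated, so treat the result as untrusted until it is compared
    with a reference thumbprint."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    # Offline demonstration with the constructed sample. Against the appliance
    # on this page you would pass fetch_pem("sfo-wsa01.sfo.rainpole.io").
    print(thumbprint_from_pem(SAMPLE_PEM))
```

A reference thumbprint can be read from the appliance's own certificate file or console, so that a mismatch reveals an intercepted or replaced certificate before it is pinned in NSX-T Data Center.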