First, you create a remote app access client in the region-specific Workspace ONE Access for the integration with NSX-T Data Center. Then, you use the certificate thumbprint, client ID, and shared secret to register NSX-T Data Center, which identifies it as a trusted consumer of the Workspace ONE Access identity and authentication services.

Procedure

  1. In a Web browser, log in to the region-specific Workspace ONE Access instance in Region A by using the administration interface.

    | Setting | Value |
    |---|---|
    | URL | https://sfo01wsa01.sfo01.rainpole.local/admin |
    | User name | admin |
    | Password | sfo01wsa01_admin_password |
    | Domain | System Domain |

  2. On the main navigation bar, from the Catalog drop-down menu, select Settings.
  3. In the left pane, click Remote app access.
  4. Click Clients and click Create client.
  5. In the Create client dialog box, configure these settings, and click Add.

    | Setting | Value |
    |---|---|
    | Access type | Service Client Token |
    | Client ID | sfo01w01nsx01-oauth |
    | Scope | admin |
    | Shared secret | Generate and save a shared secret |
    | Issue Refresh Token | Selected |
    | Token type | Bearer |
    | Access Token Time-To-Live (TTL) | 8 hours |
    | Refresh Token Time-To-Live (TTL) | 1 month |
    | Idle Token Time-to-Live (TTL) | 4 days |

  6. In a Web browser, log in to the NSX-T Manager for the workload domain by using the user interface.

    | Setting | Value |
    |---|---|
    | URL | https://sfo01w01nsx01.sfo01.rainpole.local |
    | User name | admin |
    | Password | nsx-t_admin_password |

  7. On the main navigation bar, click System.
  8. In the left pane, click Users, click the Configuration tab, and click Edit.
  9. In the Edit VMware Identity Manager configuration dialog box, configure these settings and click Save.

    | Setting | Value |
    |---|---|
    | External load balancer | Disabled |
    | Integration VMware Identity Manager | Enabled |
    | VMware Identity Manager Appliance | sfo01wsa01.sfo01.rainpole.local |
    | OAuth Client ID | sfo01w01nsx01-oauth |
    | OAuth Client Secret | Generated_Shared_Secret |
    | SSL Thumbprint | Certificate_SHA-256_Thumbprint |
    | NSX Appliance | sfo01w01nsx01.sfo01.rainpole.local |

Results

Important:

After you configure Workspace ONE Access as an identity provider, local account logins to NSX-T Manager use the NSX-T Manager URL with /login.jsp?local=true appended, that is, https://sfo01w01nsx01.sfo01.rainpole.local/login.jsp?local=true.
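
Step 9 pins the Workspace ONE Access certificate by its SHA-256 thumbprint, so the value should be computed from a certificate copy you trust and compared with what the host actually presents before you paste it in. The following Python sketch is an added example, not part of the original procedure or of VMware's tooling; the function names and the constructed placeholder certificate are assumptions.

```python
import hashlib
import ssl


def sha256_thumbprint(pem_cert: str) -> str:
    """SHA-256 thumbprint of a PEM certificate, as colon-separated upper-case hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)  # the thumbprint covers the DER bytes
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(thumbprint: str) -> str:
    """Drop separators and case so differently formatted thumbprints compare equal."""
    cleaned = "".join(ch for ch in thumbprint if ch not in ": -\t\n").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("not a SHA-256 thumbprint (expected 64 hex digits)")
    return cleaned


def thumbprints_match(a: str, b: str) -> bool:
    return normalize(a) == normalize(b)


def fetch_thumbprint(host: str, port: int = 443) -> str:
    """Thumbprint of whatever certificate the host presents on the network.
    ssl.get_server_certificate() performs no validation, so on its own this
    value is only as trustworthy as the network path."""
    return sha256_thumbprint(ssl.get_server_certificate((host, port)))


def check_before_pinning(trusted_pem: str, host: str, fetch=fetch_thumbprint) -> str:
    """Return the thumbprint to enter in NSX-T, or raise if the host presents another cert."""
    expected = sha256_thumbprint(trusted_pem)
    presented = fetch(host)
    if not thumbprints_match(expected, presented):
        raise RuntimeError(f"{host} presents {presented}, expected {expected}")
    return expected


if __name__ == "__main__":
    # Constructed stand-in for the certificate exported from the appliance
    # (placeholder bytes, not a real certificate), so the demo runs offline.
    pem = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")
    on_wire = sha256_thumbprint(pem).replace(":", "").lower()  # stubbed network result
    print(check_before_pinning(pem, "sfo01wsa01.sfo01.rainpole.local",
                               fetch=lambda host: on_wire))
```

In real use, pass the PEM exported from the Workspace ONE Access appliance (or obtained from the issuing CA) as `trusted_pem` and leave `fetch` at its default so the comparison runs against the live host.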