After the Workspace ONE Access instance is deployed, you use the Setup wizard to set passwords and configure the external database properties.

Make sure that you run the Setup wizard using the fully qualified host name. Do not enter the IP address as the name.

Prerequisites

  • The Workspace ONE Access machine is powered on.
  • The database created in Microsoft SQL server as the external database server. See Create the Workspace ONE Access Service Database.

    For information about specific versions that Workspace ONE Access supports, see the VMware Product Interoperability Matrix.

  • In the Microsoft SQL server, make sure that the database user is granted the db_owner role. Members of the db_owner database role can perform all configuration and maintenance activities on the database. See Change Database-Level Roles After Upgrade to Workspace ONE Access.
  • To enable encryption, the Microsoft SQL server must be configured with a TLS certificate. Make sure that you can access the certificate to upload to the Workspace ONE Access service.

Procedure

  1. Go to the Workspace ONE Access URL that was displayed when you finished the installation. Enter the fully qualified domain name (FQDN). For example, https://WS1AccessHostnameFQDN.example.com.
  2. Accept the certificate, if prompted.
    You can update the certificate after the initial set up.
  3. In the Get Started page, click Continue.
  4. In the Set Passwords page, set passwords for the following administrator accounts, which are used to manage the appliance, then click Continue.
    Account
    Appliance Administrator Set the password for the admin user. You cannot change the admin user name. The admin user account is used to manage the appliance settings.

    To create a strong password, the passwords must be 8 or more characters long and contain at least one of each of the following.

    • Uppercase characters A-Z (Latin alphabet)
    • Lowercase characters a-z (Latin alphabet)
    • Numeric digits 0-9
    • Special characters (!, $, #, %, etc.)
    Appliance Root Set the root user password. The root user has full rights to the appliance.

    To create strong passwords for the root user and remote user (sshuser), the passwords must be 14 or more characters long and contain at least one of each of the following.

    • Uppercase characters A-Z (Latin alphabet)
    • Lowercase characters a-z (Latin alphabet)
    • Numeric digits 0-9
    • Special characters (!, $, #, %, etc.)
    Remote User Set the sshuser password. This password is used to log in remotely to the appliance with an SSH connection.
  5. In the Select Database page, select the External database to use,
    Note: The internal database is not recommended for use with production deployments.
    Important: You select the database to use when you first deploy the Workspace ONE Access appliance. You cannot change the database type.
    To use the external database, configure the following.
    1. Select External Database as the database type.
    2. Enter the JDBC URL of the Microsoft SQL database server.
      Authentication Mode JDBC URL String
      Windows Authentication (domain\user)
      jdbc:sqlserver://<hostname_or_IP_address:port#>;DatabaseName=<saasdb>;integratedSecurity=true;authenticationScheme=NTLM;domain=<domainname>
      SQL Server Authentication (local user)
      jdbc:sqlserver://<hostname_or_IP_address:port#>;DatabaseName=<saasdb>

      To enable SQL Server Always On capability, set MultiSubnetFailover, to True in the JDBC URL

      Authentication Mode JDBC URL String
      Windows Authentication (domain\user)
      jdbc:sqlserver://<hostname_or_IP_address:port#>;DatabaseName=<DatabaseName>;integratedSecurity=true;authenticationScheme=NTLM;domain=<domainname>;multiSubnetFailover=true

      SQL Server Authentication (local user)
      jdbc:sqlserver://<hostname_or_IP_address:port#>;DatabaseName=<saasdb>;multiSubnetFailover=true
    3. Enter the login user name and password that you configured when you created the database. See Configure Microsoft SQL Database Using Local SQL Server Authentication Mode for Workspace ONE Access
    4. To set up an encrypted connection between Workspace ONE Access and the Microsoft SQL Server, select Encrypt Connection.
      The Encrypt Connection option is not supported when the Microsoft SQL Server is configured in Windows Authentication mode.
      Note: An encrypted connection to the database increases the security of data transmitted across networks. However, enabling encryption can slow the performance on the Microsoft SQL server.
    5. If you have not uploaded the root CA signed certificate, click Upload to upload the certificate now.

      Make sure that the file includes the entire certificate chain in the correct order, primary certificate first, then your intermediate certificate, and then the ROOT certificate. The entire certificate is everything between and including the lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE---- must be included.

      Microsoft SQL servers must be configured with a TLS certificate to use the Encrypt Connection feature with Workspace ONE Access. See Microsoft SQL server documentation to configure the TLS certificate.

    6. Click SAVE.
      When you click SAVE, the connection is tested to verify access to the database.

Results

The connection to the database is configured and the database is initialized. When the process is complete, the Setup is complete page appears.

What to do next

To set up a directory, you must first install one or more instances of the Workspace ONE Access connector. See the corresponding version of the Installing Workspace ONE Access Connector guide. Before setting up the directory, review Directory Integration with Workspace ONE Access for requirements and limitations.