Before you install the Workspace ONE Access connector, complete the prerequisites that apply to your installation scenario.

  • Make sure that you read the Release Notes and check compatibility at VMware Product Interoperability Matrix.
  • Verify that your Windows server meets the requirements listed in Workspace ONE Access Connector 22.09 Systems Requirements.
  • If you are installing the Kerberos Auth service or the Virtual App service:
    • Join the Windows server to the Active Directory domain.
    • Perform the connector installation as a domain user that is also part of the administrator group on the Windows server on which you are installing the connector.
    • The account used to install the connector must have "Log on as a service" rights on the connector server.
    • During installation, specify the domain user account to use to run the Kerberos Auth service and the Virtual App service.
      • If you plan to integrate Citrix applications and desktops with Workspace ONE Access, the domain user account that you use to run the Virtual App service must also be a Citrix server Read Only administrator who is able to load the Citrix PSSnapin.
      • The Kerberos Auth service supports only the following special characters in the domain user account password:

        ! ( & % @ / = ? * , .

        If the password contains any other special characters, Kerberos Auth service installation fails.

      • In Workspace ONE Access connector, the Virtual App service does not support the # character in the domain user account password.
  • (Kerberos Auth service and Virtual App service only) For the installer to be able to browse to and validate domains and users during installation:
    • The Windows server must be domain joined.
    • NetBIOS over TCP/IP must be enabled.
    • Broadcast traffic should be enabled on the network.
  • If you plan to configure proxy server settings, you need the proxy server host name or IP address, port, and, if the proxy server requires authentication, a user name and password.

    If you plan to specify non-proxy hosts, hosts that should be reached directly without going through the proxy server, you need the hosts' host name or IP address, and port.

  • If you plan to configure a syslog server, you need the syslog server's fully-qualified domain name or IP address, and port. You can configure multiple syslog servers.

    You can set up any of the standard syslog servers available. The connector must be able to reach the syslog server on the configured port, for example, 514 (UDP).

  • A trusted SSL certificate is required for the Kerberos Auth service only. The certificate can be uploaded during installation or later. See Uploading an SSL Certificate for the Kerberos Auth Service for requirements.
  • If you plan to install the connector in FIPS mode, see Workspace ONE Access Connector and FIPS Mode (Workspace ONE Access FedRAMP Only) for additional requirements and prerequisites.