VMware Workspace ONE Access Connector (Windows) 20.10 | October 2020 | Build Workspace ONE Access Connector 20.10.0 Installer.exe
VMware Identity Manager Connector (Windows) 19.03.0.1 | October 2020 | Build VMware Identity Manager Connector 19.03.0.1 Installer.exe
VMware Identity Manager Integration Broker 19.03.0.1 | October 2020 | Build 16975699
Latest Release - February 2021
What's in the Release NotesRelease notes cover the following topics
- What's New in the February Release
- What's New in Previous Releases
- Compatibility, Installation, and Upgrade
- Resolved Issues
Improved User and Group Provisioning into Workspace ONE UEM
The new Enable Certificate Auth option in the AirWatch Provisioning app simplifies the process and requirements for provisioning users and groups into Workspace ONE UEM from Workspace ONE Access. When this option is enabled, the AirWatch Provisioning app will mimic the settings that have been configured in the Workspace ONE Access console Identity & Access Management > Setup > VMware Workspace ONE UEM page. There are three main benefits to this update.
- When using certificate-based authentication, administrators no longer need to update the password of the account used for user and group provisioning every 30 days.
- If the integration between Workspace ONE Access and Workspace ONE UEM was configured using Workspace ONE UEM’s wizard (found in Workspace ONE UEM console System > Enterprise Integration > Workspace ONE Access > Configuration page), user and group provisioning events will no longer count against Workspace ONE UEM’s REST API request limits.
- The initial setup of the AirWatch Provisioning app is simplified as most of the required values are automatically populated.
Improved iPad Device Identification for Conditional Access Policies
With this release of Workspace ONE Access, iPads are no longer incorrectly identified as macOS devices based on their User-Agent string. This allows the iOS and iPad device types to be used to apply Conditional Access to iPads. The iOS device type can be used to uniformly apply Conditional Access to both iOS and iPadOS devices whereas the iPad device type can be used in environments where a different authentication experience between iOS and iPadOS devices is desired. Note that the iPad device type must be placed at a higher priority than the iOS device type if both options are being used in a single policy.
This change is required because in iPadOS 13 Apple changed the default behavior of the Safari browser so that it requests the Desktop version of web pages on an iPad rather than the Mobile version. The default behavior ultimately means that iPads running iPadOS 13 or newer present themselves to Workspace ONE Access as a macOS device rather than an iPad. With the January release, the workaround described in this KB article is no longer required.
Workspace ONE Access now Supports FIDO2 as an Authentication Method
Workspace ONE Access now allows FIDO2 authenticators to be registered and used for authentication. With this release, end users can now authenticate into Workspace ONE Intelligent Hub and Workspace ONE Access federated apps using a FIDO2 authenticator (i.e., YubiKey, Touch ID, Windows Hello). End users can also self-register a FIDO2 authenticator to be used as their primary or secondary method of authentication. Administrators also can add, remove, block, or unblock authenticators on behalf of end users. Note: FIDO2 authentication currently only supports authentication in desktop browsers.
FIDO2 authentication is only available for Workspace ONE SaaS customers.
Introducing Login Risk Based Conditional Access
With the new Login Risk Score Authentication Method, you can now factor in a user's login risk score to authentication decisions. This means you can define policies using the login risk score to apply the right access controls when a user tries to access the network. For example, if the login risk score is low – allow access, medium – ask for MFA (Multi Factor Authentication) (multi-factor authentication, for example with RSA SecurID or VMware Verify), and high – deny access.
The login risk score is assigned by Workspace ONE Intelligence using its proprietary risk scoring engine. See Risk Scores - What are Login Risk Scores in the Workspace ONE Intelligence documentation.
Limit Monitoring Dashboard
To ensure service availability, the Workspace ONE Access SaaS service sets rate limits and concurrency limits on certain APIs. When these limits are exceeded, a 429 'Too many requests' error is returned, and your users might not be able to log in or launch applications temporarily. When this happens, users can wait a minute before trying again. The new Limit Monitoring dashboard allows you to view these limits and monitor your usage against them.
VMware Workspace ONE Access is available in the following languages.
- Simplified Chinese
- Traditional Chinese
- Portuguese (Brazil)
Windows Server Supported
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
Web Browser Supported
- Mozilla Firefox, latest version
- Google Chrome 42.0 or later
- Internet Explorer 11
- Safari 6.2.8 or later
- Microsoft Edge, latest version
- MS SQL 2012, 2014, 2016, 2017
Directory Server Supported
- Active Directory - Single AD domain, multiple domains in a single AD forest, or multiple domains across multiple AD forests.
- OpenLDAP - 2.4.42
- Oracle LDAP - Directory Server Enterprise Edition 11g, Release 1 (22.214.171.124.0)
- IBM Tivoli Directory Server 6.3.1
Component Versions No Longer Supported
- Windows Server 2008R2
- Windows Server 2012
This impacts Workspace ONE Access Connectors, Integration Broker, or database that might be installed on these versions of the Windows server.
This impacts Active Directory if it running on these versions of a Windows server.
VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and Horizon 7.
VMware Connector Compatibility
VMware Workspace ONE Access Connector 126.96.36.199 (Windows)
The VMware Workspace ONE Access connector is an on-premises component of VMware Workspace ONE Access that integrates with your on-premises infrastructure. The connector is a collection of enterprise services that can be installed individually or together on Windows servers. The following service components can be installed.
- Directory Sync service to sync users from your enterprise directories
- User Auth service that includes Password (cloud), RSA SecurID (cloud), and RADIUS (cloud)
- Kerberos Auth service for Kerberos authentication
Migrating to Workspace ONE Access 20.10 Connectors
If you are upgrading to Workspace ONE® Access™ 20.10 from a version prior to 19.03, to use the new Workspace ONE Access 20.10 connectors you must follow a migration process. The process includes installing new 20.10 connectors and migrating your existing directories to the new connectors.
You cannot upgrade legacy connector versions to 20.10. You migrate to the 20.10 connector from legacy connectors, you migrate your directories. When you migrate the directories, all data, including authentication methods and identity providers, is migrated.
Upgrade to 20.10
To upgrade Workspace ONE Access connector 20.01 to 20.10, see Upgrading to VMware Workspace ONE Access Connector 20.10.
VMware Workspace ONE Access Connector 19.03.0.1You can upgrade to the Windows-based VMware Identity Manager connector 19.03.0.1 from version 19.03.0.0 to get the latest security updates and resolved issues. The 19.03.0.1 connector supports Virtual Apps, specifically Horizon, Horizon Cloud, and Citrix integrations with Workspace ONE Access. See Upgrading to VMware Identity Manager Connector (Windows) 19.03.0.1.
The Workspace ONE Access 20.10 connector does not support Virtual Apps (Citrix, Horizon, Horizon Cloud, and ThinApp integrations). If your environment includes Virtual Apps or you plan to use Virtual Apps in the future, do not migrate to Workspace ONE Access 20.10 connectors.
To use virtual apps with Workspace ONE Access 20.10, you must use VMware Identity Manager connector version 19.03.0.0 or 19.03.0.1
To use VMware ThinApp with Workspace ONE Access 20.01, you must use VMware Identity Manager Linux-based connector appliance version 2018.8.1. If you use ThinApp packages do not upgrade to the 19.03 or the 20.10 version of VMware Workspace ONE Access connector.
- VMware Identity Manager Desktop 3.2 | March 2018 | Build 7952055 is used with ThinApp packages
The VMware Workspace ONE Access documentation is in the VMware Workspace ONE Access Documentation Center.