VMware Workspace ONE Access | DECEMBER 2022

VMware Workspace ONE Access Connector (Windows) | 13 DEC 2022 | Build Workspace ONE Connector exe

Updated December 19, 2022. See Known Issues in May Release

FedRAMP December 2022 Release

New Admin Console Navigation Enabled for All Customers

The Workspace ONE Access console has been migrated to the new navigation for all users. The toggle to revert to the older navigation was removed from the console header for all customers. For an overview of the changed console, see the Workspace ONE Access Console Features and Settings topic, Navigating in the Workspace ONE Access Admin Console section.

FedRAMP October 2022 Release

Introducing the Redesigned Workspace ONE Access Navigation

The redesigned Workspace ONE Access admin console improves your ability to navigate and edit key settings, helping you achieve your business goals. A new toggle at the header in the console will help you switch to the redesigned console and you can switch back for easy comparison.

Important: The New Navigation toggle in the header of your Workspace ONE Access console will be switched on in the middle of November to show the new navigation by default for all administrators. The toggle will be removed from the header in December 2022. Until the toggle is removed, admins can select the toggle to switch back to the old console.

Pages are grouped under five tabs - Monitor, Accounts, Resources, Integrations, and Settings, with menus located on the left side panel. The former Manage and Setup buttons were removed to simplify the configuration process.   

  • Monitor includes the former Dashboard tab as well as Limit and Report monitoring tools.

  • Accounts groups together the former Users & Groups and Roles tabs.

  • Resources replaced the Catalog tab and includes Policies as they provide secure access to the end-user portal.

  • Integrations include the on-premises and cloud components you integrate with Workspace ONE Access to manage users, configure authentication methods, and set up third-party integrations.

  • Settings is now a top-level navigation tab for faster access to branding, password policies, OAuth 2.0 management, and other settings. 

We’ve redesigned several key pages to help you explore Workspace ONE Access functionality. When the toggle is on, some pages have critical improvements. For example, the User Profile page has a new look that also supports editing user roles from that page (Edit Roles) and overview of user activity (Activities Tab). For the Users page, we simplified user search by adding advanced search and sorting by user name. In the Settings tab, OAuth 2.0 pages are redesigned, Password Policies and Password Recovery pages are displayed together, and the User Attributes page is updated. For more information about the new console, see Workspace ONE Access Features and Settings topic.

Note: The change will affect all admin users in your tenant.

Managing OAuth 2.0 Clients in Workspace ONE Access

When the New Navigation toggle is turned on in the redesigned console, Remote App Access is re-named to OAuth 2.0 Management and was moved to the Settings Tab. Workspace ONE Access uses OAuth 2.0 to enable applications and create a secure delegated access to applications enabled in the Hub catalog.

You can create a single OAuth 2 client to enable a single application to register with Workspace ONE Access. You can also create a template to enable a group of clients to register dynamically to allow access to specified applications.

Improvements of the OAuth 2.0 Management page include:

  • Clients and Templates now support removal from listings

  • Templates are now editable

  • Ability to create own secret for a client is removed

  • And built-in templates and internal clients are now hidden

FedRAMP May 2022 Release

Connector Support for Horizon Cloud Service on Microsoft Azure with Single-Pod Broker (Workspace ONE Access Cloud only)

The 22.05 release of the Workspace ONE Access Connector include support for integrating with Horizon Cloud Service on Microsoft Azure with Single-Pod Broker and Horizon Cloud Service on IBM Cloud. This will allow for the legacy connectors that are used for virtual apps to be migrated from version 19.03 or to version 22.05 connector. Both directories and virtual apps collections must be migrated together during this one-time process.

FIPS Mode Support for the Connector (Workspace ONE Access Cloud only)

The 22.05 Workspace ONE Access Connector includes an option to enable FIPS mode during installation. FIPS mode will set the connector to run with data and encryption that is secure at a level of compliance encouraged by the United States government. The algorithms used are FIPS 140-2 compliant algorithms.

Workspace ONE Access Connectors with FIPS mode enabled will not support integrating with Citrix, Horizon, Horizon Cloud Service on Microsoft Azure with Single-Pod Broker, or Horizon Cloud Service on IBM Cloud. A Workspace ONE Access Connector with FIPS mode enabled will support integrating virtual apps that are running in Horizon Cloud Service on Microsoft Azure with Universal Broker.


  • The FIPS mode option is not available when you upgrade to a 22.05 connector. The option to enable FIPS mode is supported only in new connector installations.

  • If you enable FIPS mode in the connector, to disable FIPS mode, you must reinstall the connector.

Resolved Issues in May 2022

  • HW-151085. Fixed an issue where the wrong application display name was displayed on Horizon applications.

  • HW-155731. The computer object is no longer retrieved from Active Directory when syncing group memberships.

  • HW-126664. Resolved issues with the Workspace ONE Access connector retrying to establish a connection.

Known Issues in May Release

NEW December 19, 2022

HW-170576 – Workspace ONE Access 22.05 Connector. When a proxy is configured, Virtual App Service is unable to fetch metadata from Horizon Cloud Service Single Pod Broker setup.

Contact VMware Support to request a patch.

Compatibility, Installation, and Upgrade for Workspace ONE Access Cloud Releases

Component Compatibility

Windows Server Supported

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server 2019

Web Browser Supported

  • Mozilla Firefox, latest version

  • Google Chrome, latest version

  • Safari, latest version

  • Microsoft Edge, latest version

Database Supported

  • MS SQL 2014, 2016, 2017, 2019

  • Important: Microsoft SQL server 2012 and 2014 must be updated with the Microsoft SQL patch to support TLS 1.2.

Directory Server Supported

  • Active Directory - Single AD domain, multiple domains in a single AD forest, or multiple domains across multiple AD forests.

  • OpenLDAP - 2.4.42

  • Oracle LDAP - Directory Server Enterprise Edition 11g, Release 1 (

  • IBM Tivoli Directory Server 6.3.1

Virtual Apps Compatibility

The Workspace ONE Access 22.09 connector supports VMware Horizon, Horizon Cloud Service, Citrix, and ThinApp integrations with the Virtual App service.

The following versions of Citrix are supported: Citrix Virtual Apps and Desktops 7 2203, Citrix Virtual Apps and Desktops 7 1912 LTSR, XenApp and XenDesktop 7.15 LTSR, and XenApp and XenDesktop 7.6 LTSR. The connector supports the Citrix StoreFront API and does not support the Citrix Web Interface SDK.

For supported Horizon versions, see the VMware Product Interoperability Matrix.

Compatibility Matrix

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and Horizon 7.

Upgrade to VMware Workspace ONE Access Connector 22.09 (Windows)

The latest Workspace ONE Access connector was released in September 2022.

The VMware Workspace ONE Access connector is an on-premises component of VMware Workspace ONE Access that integrates with your on-premises infrastructure. The connector is a collection of enterprise services that can be installed individually or together on windows servers. The following service components can be installed.

  • Directory Sync service to sync users from your enterprise directories

  • User Auth service that includes Password (cloud), RSA SecurID (cloud), and RADIUS (cloud)

  • Kerberos Auth service for Kerberos authentication

You can upgrade Workspace ONE Access connector versions 22.05, 21.08.x, 20.10.x, and 20.01.x to version 22.09.

Note: The FIPS mode option was not available when you upgrade to a 22.05 connector. The option to enable FIPS mode is suported only in new connector installations. If the FIPS mode option is enabled in 22.05 connector, when you upgrade from 22.05, the upgraded connector will be in FIPS mode.

See the Upgrading to VMware Workspace ONE Access Connector 22.09 guide for information.

Migrating to Workspace ONE Access Connector 22.09 (Windows)

From Workspace ONE Access connector version 19.03.x, a migration path to version 22.09 is available. The process includes installing new 22.09 connectors and migrating your existing directories and virtual apps collections to the new connectors. Migration is a one-time process, and you must migrate directories and virtual apps collections together.

After the migration is complete, you no longer need the Integration Broker for Citrix integrations. The required functionality is now part of the Virtual App service component of the Workspace ONE Access connector.


  • All legacy connectors must be version 19.03.x before you can migrate.

  • To migrate ThinApp virtual apps collections, you must first migrate from the Linux 2018.8.1.0 connector to the Windows connector. Then, migrate from version to version 22.09.

See Migrating to VMware Workspace ONE Access Connector 22.09 guide for information.

Requirements for RSA SecurID Authentication Method

The RSA SecurID integration has the following new requirements:

In the RSA Security console, the Workspace ONE Access connector must be added as an authentication agent using the fully qualified domain name (FQDN). For example, connectorserver.example.com. If you have already added the connector as an authentication agent using the NetBIOS name instead of the FQDN, add another entry using the FQDN. Leave the IP address field empty for the new entry. Do not delete the old entry.

If you deployed multiple instances of the RSA Authentication Manager server, you must configure them behind a load balancer. See Workspace ONE Access Requirements for RSA SecurID Load Balancer for more information.


Workspace ONE Access documentation for FedRAMP can be found in the Workspace ONE Access Cloud section in the VMware Workspace ONE Access Documentation Center.

check-circle-line exclamation-circle-line close-line
Scroll to top icon