Diminished functionality of unsupported VMware Identity Manager Connectors

In the March release of Workspace ONE Access Cloud, any environment that is using unsupported Connectors will no longer be able to create, edit, or delete directories. To continue the functionality of all features, a supported version of the Workspace ONE Access Connector must be in use. Every customer is strongly encouraged to migrate to the latest Connector as soon as possible.

The ability to synchronize pre-existing directories will continue to function for both scheduled and on-demand syncs. More information can be found at https://kb.vmware.com/s/article/90808.

Refreshed Workspace ONE Access Navigation Pages

We are adding new navigation pages to the Workspace ONE Access console that were refreshed with an up-to-date design. The following pages have a fresh look and feel.

• UEM Integration page

• Directory page

• Identity Provider page

The Auto Discovery and Terms of Use pages were removed as they are related to the Workspace ONE App that reached EOL. Information about the Workspace ONE App EOL can be found in the April 2022 release notes.

New Option to Show Password on Login Screen

We are introducing a new toggle on the login screen to let users select to show the password when they are prompted to log in and authenticate using Workspace ONE Access services. This new feature will be available on authentication screens that use the password authentication method.

Workspace ONE Access Now Supports FIDO2 Authentication on Mobile Browsers

Workspace ONE Access now allows FIDO2 authenticators to be registered and used for authentication on mobile browsers. Prior support of FIDO2 registration and authentication was limited to desktop browsers. With this release, end users can authenticate into Workspace ONE Access federated apps using a FIDO2 authenticator (i.e., YubiKey, Touch ID, Windows Hello, etc.) using mobile or desktop browsers. End users can also self-register a FIDO2 authenticator to be used as their primary authentication or as a second factor authentication.

Getting Started with VMware Identity Services

If you are a new customer of Workspace ONE Access and Workspace ONE UEM, we’ve added a service that will make user provisioning and federation easier! You can now leverage VMware Identity Services to configure a provisioned directory of users and groups using the SCIM 2.0 protocol in your Workspace ONE cloud admin console. VMware Identity Services will automatically provision users and groups, as well as authentication settings, to your Workspace ONE UEM and Workspace ONE Access admin consoles. 

Supported identity providers and directory sources:

• Azure AD, a cloud-based identity service in Microsoft Azure

• Generic SCIM 2.0 Identity Source (tested for Okta)

For more information, see the VMware Identity Services Release Notes.

Component Compatibility

Windows Server Supported

Workspace ONE Access Connector 22.09.1.0 supports the following versions.

• Windows Server 2022

• Windows Server 2019

• Windows Server 2016

• Windows Server 2012 R2

Web Browser Supported

• Mozilla Firefox, latest version

• Google Chrome, latest version

• Safari, latest version

• Microsoft Edge, latest version

Directory Server Supported

• Active Directory - Activy Directory on Windows Server 2022 (Workspace ONE Access connector 22.09.1.0 and later); Windows Server 2019, Windows Server 2016, or Windows Server 2012 R2 with a Domain functional level and Forest functional level of Windows 2003 or later.

• OpenLDAP - 2.4

• Oracle LDAP - Directory Server Enterprise Edition 11g, Release 1 (11.1.1.7.0)

• IBM Tivoli Directory Server 6.3.1

Virtual Apps Compatibility

The Workspace ONE Access 22.09 connector supports VMware Horizon, Horizon Cloud Service, Citrix, and ThinApp integrations with the Virtual App service.

The following versions of Citrix are supported: Citrix Virtual Apps and Desktops 7 2203, Citrix Virtual Apps and Desktops 7 1912 LTSR, XenApp and XenDesktop 7.15 LTSR, and XenApp and XenDesktop 7.6 LTSR. The connector supports the Citrix StoreFront API and does not support the Citrix Web Interface SDK.

For supported Horizon versions, see the VMware Product Interoperability Matrix.

Compatibility Matrix

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and Horizon.

Upgrade to VMware Workspace ONE Access Connector 22.09

You can upgrade Workspace ONE Access connector versions 22.05, 21.08.x, 20.10.x, and 20.01.x to version 22.09.

See the Upgrading to VMware Workspace ONE Access Connector 22.09 guide for information.

Migrating to Workspace ONE Access Connector 22.09 (Windows)

From Workspace ONE Access connector version 19.03.x, a migration path to version 22.09 is available. The process includes installing new 22.09 connectors and migrating your existing directories and virtual apps collections to the new connectors. Migration is a one-time process, and you must migrate directories and virtual apps collections together.

After the migration is complete, you no longer need the Integration Broker for Citrix integrations. The required functionality is now part of the Virtual App service component of the Workspace ONE Access connector.

Important:

• All legacy connectors must be version 19.03.x before you can migrate.

• To migrate ThinApp virtual apps collections, you must first migrate from the Linux 2018.8.1.0 connector to the Windows 19.03.0.1 connector. Then, migrate from version 19.03.0.1 to version 22.09.

See Migrating to VMware Workspace ONE Access Connector 22.09 guide for information.

Certificate Requirement for Horizon Virtual Apps Collections

Ensure that the Horizon Connection Servers have valid certificates signed by a trusted Certificate Authority (CA). If the Horizon Connection servers have self-signed certificates, you must upload the certificate chain to the Workspace ONE Access connector instances on which the Virtual App service is installed to establish trust between the connectors and the Horizon Connection servers. This is a new requirement starting with the Workspace ONE Access connector 21.08. You upload the certificates using the connector installer. See Installing Workspace ONE Access Connector 22.09 for more information.

Requirements for RSA SecurID Authentication Method

The RSA SecurID integration has the following new requirements beginning with Workspace ONE Access connector version 21.08.

• In the RSA Security console, the Workspace ONE Access connector must be added as an authentication agent using the fully qualified domain name (FQDN). For example, connectorserver.example.com. If you have already added the connector as an authentication agent using the NetBIOS name instead of the FQDN, add another entry using the FQDN. Leave the IP address field empty for the new entry. Do not delete the old entry.

• If you deployed multiple instances of the RSA Authentication Manager server, you must configure them behind a load balancer. See Workspace ONE Access Requirements for RSA SecurID Load Balancer for more information.

The VMware Workspace ONE Access documentation in in the VMware Workspace ONE Access Documentation Center.

VMware Workspace ONE Access is available in the following languages.

• English

• French

• German

• Spanish

• Japanese

• Simplified Chinese

• Korean

• Traditional Chinese

• Russian

• Italian

• Portuguese (Brazil)

• Dutch

Contact VMware Support when you need help with your Workspace ONE Access environment. You can submit a support request to VMware Support online using your VMware CustomerConnect account or by phone.

KB article 2151511, How to access VMware Workspace ONE Support describes how to contact Workspace ONE Support.