Workspace ONE Access Connector 23.09

Workspace ONE Access connector 23.09 is compatible with Workspace ONE Access Cloud and Workspace ONE Access for FedRAMP.

The following is a list of Connector resolved issues.

• HW-180874: The Default Launch Client setting for Horizon virtual apps collections is ignored

• HW-170798: Unable to sync Horizon Enterprise virtual apps collections when using a connection via a proxy

• HW-174051: Updating a virtual apps collection resets the network range

• HW-172671: Citrix App launch fails on Firefox browser

• HW-171435: Citrix App launch fails when the first connector in the virtual apps collection is down

• HW-170576: Unable to sync virtual apps collections when using a connection via a proxy

• HW-174269: Workspace ONE Access Connector 22.09.1 fails to install when the domain name has a '_' character

• HW-181989: Saving or syncing a Horizon virtual apps collection when a Horizon server is down removes existing  metadata

• HW-170576: When a proxy is configured, the Virtual App service is unable to fetch metadata from a Horizon Cloud Service Single-Pod Broker setup

Announcing General Availability of Mobile SSO for Apple Device Authentication

We are excited to announce the general availability of the Mobile SSO for Apple devices authentication - the next generation Mobile SSO feature in Workspace ONE Access.

As part of the iOS 13 SDK and MDM spec, Apple introduced a new cross-platform SSO extension that offered a native SSO approach using standard federation protocols. Mobile SSO for Apple devices in Workspace ONE Access leverages this native SSO Extension SDK in Apple.

In addition to providing seamless SSO across iOS and iPadOS devices,  Mobile SSO for Apple in Workspace ONE Access offers configurable biometric authentication that allows using the platform's built-in biometric authenticators such as TouchID, FaceID or Passcode for additional authentications before accessing applications.

The Mobile SSO for Apple authentication method features the ability to limit Single Sign-On to selected apps. The solution uses certificate based authentication to Workspace ONE Access and supports Workspace ONE Shared iOS devices Check-In Check-Out use cases.

NOTE: Workspace ONE Intelligent Hub must be installed in the devices participating in SSO.

Mobile SSO for Apple is a replacement for Mobile SSO for iOS that's available with Workspace ONE Access today. Both solutions can however co-exist as part of migration configuration. A gradual migration from Mobile SSO for iOS to Mobile SSO for Apple is recommended. Migration steps can be found here.

This feature is available only in the Workspace ONE Access Cloud environment.

Support for Windows 11 devices in Workspace ONE Access Policy Rules

Workspace ONE Access now recognizes Windows 11 devices for enrollment and conditional access. Prior to this support, access policies with device type set to Windows 10 were not applied to Windows 11 devices. With this update, the Windows 10+ device type rules will be used for Windows 10 and Windows 11 devices. This functionality is supported across all Windows 11 devices, including desktops and mobile devices.

Workspace ONE Access Now Supports FIDO2 as Primary Authenticator

Workspace ONE Access now allows FIDO2 authenticators to be configured as primary authenticators. Prior support of FIDO2 authentication was limited to step-up authentication. With this release, end users can authenticate into Workspace ONE Access using a FIDO2 authenticator. End users can also self-register a FIDO2 authenticator. Both platform authenticators (mobile devices, laptops etc. that support FIDO2) and third-party authenticators (Yubikey, USB secure devices etc.) are supported.

Discontinuation of unsupported VMware Identity Manager Connectors

In this release of Workspace ONE Access Cloud, all functionality will cease on unsupported Connectors in any environment. To continue the functionality of all features, a supported version of the Workspace ONE Access Connector must be in use.

Environments that have unsupported Connectors running will have the following functionality discontinued with this change.

1. Directory integration of Active Directory and other supported LDAP servers

2. Change password for Active Directory users

3. User authentication using connector-based authentication methods

4. Virtual App Collections integration, including launch 

More information can be found in this VMwre KB article.

Renewed Workspace ONE Access reporting interface in the Workspace ONE Access console

Workspace ONE Access reporting received a renewed facelift for administrator users. This new design is up to date and allows for simple navigation through the following reports.

• Recent Activity

• Resource Usage

• Resource Entitlements

• Resource Activity

• Group Membership

• Users

• Device Usage

• Provisioning Status

• Audit Events

Actions can be reconfigured with ease in new Role configuration page in the Workspace ONE Access console

The new navigation for configuring Roles allows for all actions to be added, reconfigured, and removed for a service. Roles can be customized with specific actions for each service in any fashion. Users that can manage administrator roles will also be able to delete any or all of the actions configured for a service.

Diminished functionality of unsupported VMware Identity Manager Connectors

In the March release of Workspace ONE Access Cloud, any environment that is using unsupported Connectors no longer can create, edit, or delete directories. To continue the functionality of all features, a supported version of the Workspace ONE Access Connector must be in use. Every customer is strongly encouraged to migrate to the latest Connector as soon as possible.

The ability to synchronize pre-existing directories will continue to function for both scheduled and on-demand syncs. More information can be found at https://kb.vmware.com/s/article/90808.

Refreshed Workspace ONE Access Navigation Pages

We are adding new navigation pages to the Workspace ONE Access console that were refreshed with an up-to-date design. The following pages have a fresh look and feel.

• UEM Integration page

• Directory page

• Identity Provider page

The Auto Discovery and Terms of Use pages were removed as they are related to the Workspace ONE App that reached EOL. Information about the Workspace ONE App EOL can be found in the April 2022 release notes.

New Option to Show Password on Login Screen

We are introducing a new toggle on the login screen to let users select to show the password when they are prompted to log in and authenticate using Workspace ONE Access services. This new feature will be available on authentication screens that use the password authentication method.

Workspace ONE Access Now Supports FIDO2 Authentication on Mobile Browsers

Workspace ONE Access now allows FIDO2 authenticators to be registered and used for authentication on mobile browsers. Prior support of FIDO2 registration and authentication was limited to desktop browsers. With this release, end users can authenticate into Workspace ONE Access federated apps using a FIDO2 authenticator (i.e., YubiKey, Touch ID, Windows Hello, etc.) using mobile or desktop browsers. End users can also self-register a FIDO2 authenticator to be used as their primary authentication or as a second factor authentication.

Getting Started with VMware Identity Services

If you are a new customer of Workspace ONE Access and Workspace ONE UEM, we’ve added a service that will make user provisioning and federation easier! You can now leverage VMware Identity Services to configure a provisioned directory of users and groups using the SCIM 2.0 protocol in your Workspace ONE cloud admin console. VMware Identity Services will automatically provision users and groups, as well as authentication settings, to your Workspace ONE UEM and Workspace ONE Access admin consoles. 

Supported identity providers and directory sources:

• Azure AD, a cloud-based identity service in Microsoft Azure

• Generic SCIM 2.0 Identity Source (tested for Okta)

For more information, see the VMware Identity Services Release Notes.

Component Compatibility

Windows Server Supported

Workspace ONE Access Connector 23.09 supports the following versions.

• Windows Server 2022

• Windows Server 2019

• Windows Server 2016

• Windows Server 2012 R2

Web Browser Supported

• Mozilla Firefox, latest version

• Google Chrome, latest version

• Safari, latest version

• Microsoft Edge, latest version

Directory Server Supported

• Active Directory -Windows Server 2022, Windows Server 2019, Windows Server 2016, or Windows Server 2012 R2 with a Domain functional level and Forest functional level of Windows 2003 or later.

• OpenLDAP - 2.4

• Oracle LDAP - Directory Server Enterprise Edition 11g, Release 1 (11.1.1.7.0)

• IBM Tivoli Directory Server 6.3.1

Virtual Apps Compatibility

The Workspace ONE Access 23.09 connector supports VMware Horizon, Horizon Cloud Service, Citrix, and ThinApp integrations with the Virtual App service.

The following versions of Citrix are supported: Citrix Virtual Apps and Desktops 7 2203, Citrix Virtual Apps and Desktops 7 1912 LTSR, XenApp and XenDesktop 7.15 LTSR, and XenApp and XenDesktop 7.6 LTSR. The following versions of Citrix Gateway are supported: 12.1-62.27, 12.1-65.25, and 13.1-37.38. The connector supports the Citrix StoreFront API and does not support the Citrix Web Interface SDK.

For supported Horizon versions, see the VMware Product Interoperability Matrix.

Compatibility Matrix

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and Horizon.

Upgrade to VMware Workspace ONE Access Connector 23.09 (Windows)

Upgrade to Workspace ONE Access connector 23.09 is supported from versions 22.09.1.0, 22.09.0.0, 22.05, 21.08.0.1, and 21.08.0.0.

See the Upgrading to VMware Workspace ONE Access Connector 23.09 guide for information.

Migrating to Workspace ONE Access Connector 23.09 (Windows)

You can migrate to Workspace ONE Access connector 22.09.1.0 from the same versions as those supported for 22.09.0.0

From Workspace ONE Access connector version 19.03.x, a migration path to version 22.09 is available. The process includes installing new 22.09 connectors and migrating your existing directories and virtual apps collections to the new connectors. Migration is a one-time process, and you must migrate directories and virtual apps collections together.

After the migration is complete, you no longer need the Integration Broker for Citrix integrations. The required functionality is now part of the Virtual App service component of the Workspace ONE Access connector.

See Migrating to VMware Workspace ONE Access Connector 22.09 guide for information.

After migrating the legacy connectors to version 22.09, you can upgrade them to 23.09.

The VMware Workspace ONE Access documentation in in the VMware Workspace ONE Access Documentation Center.

VMware Workspace ONE Access is available in the following languages.

• English

• French

• German

• Spanish

• Japanese

• Simplified Chinese

• Korean

• Traditional Chinese

• Russian

• Italian

• Portuguese (Brazil)

• Dutch

Contact VMware Support when you need help with your Workspace ONE Access environment. You can submit a support request to VMware Support online using your VMware CustomerConnect account or by phone.

KB article 2151511, How to access VMware Workspace ONE Support describes how to contact Workspace ONE Support.