You can use the Workspace ONE Access console to monitor the service and connectors, manage use accounts, manage resources in the catalog, and configure and manage Workspace ONE Access components and settings.

When you have administrator privileges, you can log into the Workspace ONE Access console from your Workspace ONE Intelligent Hub user portal page. To open the console, click your profile on the right and select Workspace ONE Access Console.

To access the Workspace ONE Access console directly, enter the Workspace ONE Access URL as https://<>/SAAS/admin. When the login page displays, select the domain, if requested and log in with your Active Directory user name and password, or select System Domain and log in as the Workspace ONE Access admin.

The Workspace ONE Access console menus provide easy access to monitor activity and perform various functions in the Workspace ONE Access service.

Working in the Workspace ONE Access Admin Console Pages

(Cloud only) In the SaaS April 2022 release, the Workspace ONE Access console is redesigned for better navigation to key settings. To start using the new admin console, use the New Navigation toggle in the admin console header to quickly switch to the new user interface.

Figure 1. Toggle from Legacy Workspace ONE Access Console
Toggle in the header to change to the new admin console design

(On premises) Beginning with Workspace ONE Access version 22.09, the Workspace ONE Access console is redesigned for better navigation to key settings.

Where to find Workspace ONE Access settings in the new console

New Tab Includes these settings

Dashboard, Limit, and Report monitoring tools.

For on premises deployments, the Resiliency monitoring page is the system diagnostics dashboard.

Accounts Users and Groups and the Roles tabs
Resources Catalog tab content and the Policies page that was in Identity & Access Management.

Directories, Identity Providers, Authentication Methods, Magic Link, Connectors, Okta, and Workspace ONE UEM integrations.

In addition, Hub Configuration is moved here from the Catalog tab.


Auto Discovery, Branding, Login Preferences, Password Policy, Password Recovery, Terms of Use, and User Attributes

(Cloud only) Settings also includes a new OAuth 2.0 Management setting. OAuth 2.0 Management is the redesigned Remote App Access setting that was in the Catalog > Settings section. The OAuth 2.0 Management configuration design is not available in the legacy admin console.

For on premises deployments, Appliance and Remote App Access settings are available.

The April 2022 Workspace ONE Access publications shows you how to configure features with the New Navigation toggle turned on in the redesigned Workspace ONE Access admin console. To see information about how to configure features using the old navigation, go to the Workspace ONE Access Cloud > Legacy Admin Console-Based Documents folder in the Workspace ONE Access documentation center. The legacy Workspace ONE Access documents will not be updated with new features after April 2022.

Navigating in the Latest Workspace ONE Admin Console

This section describes where to navigate in the horizontal tabs to Workspace ONE feature settings in the updated admin console.

Figure 2. Updated Admin Console Navigation
Menu Bar in New Workspace ONE Access Admin Console
Menu Description
Monitor Provides access to:
  • Dashboard to monitor user activity and resources used. This dashboard displays information about who signed in, which applications are being used, and how often they are being used.
  • Limits. Use the Limit Monitoring dashboard to view the rate and concurrency limits that the Workspace ONE Access cloud service imposes on log in, launch, and WS-Fed API requests per tenant, and to monitor your use of these APIs.
  • Reports. You can create reports to track users' and groups' activities, resource and device use, and audit events by user.
  • (On premises only) Resiliency. For on premises deployments, Resiliency is a system diagnostics dashboard that displays a detailed overview of the health of the service in your environment. You can also manage the configuration of the appliance, including SSL certificates for the appliance, change the service admin and system passwords.
Accounts Provides access to:
  • Users and User Groups where you manage and monitor users and groups imported from your Active Directory or LDAP directory, create local users and groups, and entitle the users and groups to resources.
  • Roles. You manage administrator roles. Users can be assigned as admins to the three pre-defined administrator roles and you can create custom administrator roles that give limited permissions to specific services in the Workspace ONE Access console.
Resources Provides access to:
  • Web Apps to add, applications and assign them to user and groups.
  • Virtual Apps and Virtual Apps Collections where you manage Horizon, Citrix, Horizon Cloud, and ThinApp desktops and application integrations.
  • Policies to add and manage the access policies and network ranges.

See the Setting Up Resources guide for information about setting up resources in the Workspace ONE Access service.

See the Managing Authentications Methods in VMware Workspace ONE Access guide for information about managing policies.

Integrations Provides access to:
  • Authentication Methods to configure cloud authentication methods associated to theWorkspace ONE Access service. These authentication methods are then associated with the built-in identity providers.
  • The Connectors page that lists the connectors that are deployed inside your enterprise network. The Workspace ONE Access connector is an on-premises component of Workspace ONE Access that integrates with your on-premises infrastructure.
  • Directories to integrate Active Directory over LDAP or Active Directory over Integrated Windows Authentication directories with the Workspace ONE Access service.
  • Connector Authentication Methods to configure the User Auth services connector-based authentication methods, including Password (cloud deployment, RSA SecurID (cloud deployment), and RADIUS (cloud deployment) and the Kerberos Auth service.
  • Hub Configuration page to access the Hub Services console from the Hub Configuration link.
  • Identity Providers to configure and manage Workspace ONE Access identity provider for Kerberos authentication, built-in identity provider for User Auth authentication methods and authentication methods managed by workspace one access, and third-party identity providers.
  • Magic Link to set up and enable the magic link that gives a one-time link to pre-hire users to access the Day Zero onboarding experience through the Workspace ONE Intelligent Hub portal.
  • Okta Catalog to enter your Okta tenant information to connect Workspace ONE Access to the Okta tenant and retrieve apps from Okta. See Integrating VMware Workspace ONE with Okta for configuration information.
  • Workspace ONE UEM Integration to view the Workspace ONE UEM integration with Workspace ONE Access settings. You can enable the catalog settings with UEM, enable compliance check to verify that managed devices adhere to Workspace ONE UEM compliance policies, and enable user password authentication through the AirWatch Cloud Connector (ACC). See Guide to Deploying VMware Workspace ONE with Workspace ONE Access guide.
Settings To provide access to:
  • Auto Discovery to register your email domain to use the auto-discovery service. This makes is easier for users to access their apps portal using the Workspace ONE Intelligent Hub app. End users can enter their email addresses instead of the organization's URL when they access their apps portal through Workspace ONE Intelligent Hub.
  • Branding pages to customize the appearance of the Workspace ONE Access user sign-in screen.
  • Catalog to select the launcher preference dialog for Windows, Mac OSX, and Mobile, customize the user portal page, and to enable People Search.
  • Login Preferences to manage how the login page displays, select the user sign-in unique identifier option, customize the sign in prompt, enable sync group member when adding groups.
  • (Cloud only) OAuth 2.0 Management to grant access to client applications with OAuth 2.0 using Workspace ONE Access as the identity provider.
    Note: The OAuth 2.0 Management section replaces Remote App Access in cloud deployments.
  • Password Policy to manage the password restrictions for local users.
  • Password Recovery to configure the password recovery page that displays when users click Forgot password.
  • Terms of Use page to set up Workspace ONE terms of use and ensure that end users accept these terms of use before using the Hub portal.
  • User Attributes page lists the default user attributes that sync in the directory. You can add other attributes that you can map to Active Directory attributes. See the Directory Integration with VMware Workspace ONE Access guide.
  • (On premises only) Appliance page has tabs to configure SMTP for secure communications, add the license and review the VMware customer experience improvement program.
  • (On premises only) Remote App Access pages are used to create a single client to enable a single application to register with the Workspace ONE Access service or to create a template to enable a group of clients to register dynamically with the Workspace ONE Access service to allow access to specified apps.

Supported Web Browsers to Access the Workspace ONE AccessConsole

The Workspace ONE Access console is a web-based application you use to manage the Workspace ONE Access service. You can access the console from the latest versions of Mozilla Firefox, Google Chrome, Safari, and Microsoft Edge.

Workspace ONE Intelligent Hub for End Users

End users can access entitled resources from the Workspace ONE Intelligent Hub app on their devices or from the Hub portal in web browsers. The Hub portal is the default interface used when users access and use their entitled resources with a browser.

When the Workspace ONE UEM service is integrated with Workspace ONE Access, end users can see all applications that they are entitled to. Native applications that are internally developed or publicly available in app stores can be made available to your end users from the Hub portal.