You can determine the Workspace ONE UEM installation token you need based on your server configuration. Learn how to determine your Workspace ONE UEM token.

Toward the end of your Workspace ONE UEM installation, you may see a Global Enterprise Manager screen asking for your Installation Token generated from myWorkspaceONE. This token is used to provision the necessary secure channel certificate to your Workspace ONE UEM database if it is not already present, such as in a new installation.

To retrieve the token automatically, your Workspace ONE UEM application server must have outbound Internet access to the Workspace ONE UEM signing service.

If your Workspace ONE UEM application server does not have outbound Internet access to the signing service, as defined under Network Requirements, then the Authentication Token field does not display on the Global Enterprise Manager, and you must generate the token manually.

Generate Installation Token from myWorkspaceONE (Automatic) 

Generate and upload a token to install Workspace ONE UEM automatically on your server.

To retrieve the token automatically, your Workspace ONE UEM application server must have outbound Internet access to the Workspace ONE UEM signing service, as defined under Network Requirements in the Workspace ONE UEM Recommended Architecture Guide.

  1. After Workspace ONE UEM installs, go to the Global Enterprise Manager screen and enter your Company Name and Environment Type.

  2. Select the myWorkspaceONE link. If the token field is not displayed, then no certificates are needed or the signing service could not be reached. If the service cannot be reached, see the information below for generating an installation token manually.

  3. Log in to myWorkspaceONE and navigate to myWorkspaceONE > My Company.

  4. Select Certificate Signing Portal.

  5. Select Authorize Install.

  6. Select Generate a Token.

  7. Enter your token in the Installation Token field on the Global Enterprise Manager screen to complete the installation.

Generate Installation Token from myWorkspaceONE (Manual)

If your Workspace ONE UEM application server does not have outbound Internet access to the signing service, as defined under Network Requirements, then the Authentication Token field does not display on the Global Enterprise Manager. In this case, the manual flow installer is automatically launched. In case the installer is not automatically launched, you can manually run it by navigating to AirWatch\Supplemental Software\CertInstaller\ and running CertificateInstaller.exe. This EXE file opens a screen to guide you through the manual installation method.

  1. Select Next to continue and start the wizard.

  2. Select whether to use SQL Authentication or Windows Authentication. Select the same option that you chose during the main installation procedure. For SQL Authentication, the appropriate credentials are seeded in your config file. For Windows Authentication, you must enter the credentials of the Windows user to authenticate.

  3. Select the Get File button and generate a PLIST file that contains a batch of certificate signing requests. Save this file to a location that has outbound Internet access to the myAirWatch signing service.

  4. Log in to myAirWatch and navigate to Hamburger menu > myAirWatch >  My Company.

  5. Select Certificate Signing Portal.

  6. Select Authorize Install.

  7. Select Upload Your File.

  8. Using the link, upload a PLIST file from your computer and select the PLIST file you saved previously.

  9. Select Upload This File and save the file provided.

  10. In the installer, select Set File and select the file myAirWatch provided.

Note:

The Next button is enabled and you may proceed with installation. If you see theInstallation Failed screen at any point during installation, select Back to try again, or contact Workspace ONE Support for assistance.