VMware Workspace ONE™ UEM integrates with Pradeo Security Systems so that you can send unmanaged applications from Workspace ONE UEM to your app scanning service. App reputation services scan network data, including applications, for vulnerabilities and threats to prevent and block malicious attacks on enterprise networks.
- Workspace ONE UEM calls Pradeo APIs on a schedule, using the Workspace ONE UEM Integration Service.
- Workspace ONE UEM makes APIs available for Pradeo to call Workspace ONE UEM endpoints and this availability is why you enable the REST API. Pradeo does not call Workspace ONE UEM APIs.
- Pradeo APIs use HTTPS, which uses Secure Socket Layer (SSL) to provide communications security.
- Workspace ONE UEM calls to Pradeo APIs are synchronous and responses are immediate.
- Integration uses port 443 for communication.
Workspace ONE UEM Pre-requisites
1. Workspace ONE UEM Actions
Result – Workspace ONE UEM sends applications to Pradeo.
2. Pradeo Actions
Result – Pradeo sends results to Workspace ONE UEM identified as privacy, financial losses, and security.
3. Workspace ONE UEM Actions
Result – Workspace ONE UEM acts as per compliance policies on offending devices.
Workspace ONE UEM Troubleshooting Options
App scan integration works for the listed applications. It is available for SaaS and on-premises customers. It is available for Android and iOS unmanaged applications.
- Blacklisted Apps Remain Blacklisted
Once an application is blacklisted in the Workspace ONE UEM console using App Scan Integration, it remains blacklisted unless you take action.
- Deactivate the blacklisted app group that includes the application.
- Reset the integration.
- Customer Type Organization Group
You must configure App Scan Integration using a Customer type organization group. Integration does not work using any other type of organization group.
- Pradeo Rules
Before enabling integration, ensure that your Pradeo rules are configured at the appropriate level to allow necessary applications and to block offending applications.
- Android Application Control Profile and Blacklists
The blacklisted app groups created by this integration are not available to use in the Android application control profile.
Custom Admin Role
To manage the integration, create a special admin user with restrictive roles. Special roles help to separate configurations and changes made for integration, so that they do not affect other areas of your Workspace ONE UEM deployment.
You want this custom admin role to access the Third-Party Integration page and to add or make edits to app groups. Give integration admins these abilities by adding a custom admin role with the listed categories, also known as permissions.
Enable REST API
This integration uses REST APIs, and APIs require authentication to integrate with Workspace ONE UEM. Enable the Workspace ONE UEM console to allow REST API authentication using Basic Authentication.
- Go to .
- Complete entries on the tabs.
| Tab | Settings |
|---|---|
| General | Select Enable API Access. This selection automatically generates the API Key for the organization group. Enter this key in Pradeo. Do not use an existing API key. Create a unique key for this integration. |
| Authentication | Select Basic as the API authentication method. |
Add your Pradeo information to the Workspace ONE UEM console so that the two systems can share applications and scan results.
- Navigate to .
- Select to enable communication between Workspace ONE UEM and Pradeo.
- Select Pradeo for Choose App Scan Vendor and complete the settings.
| Setting | Description |
|---|---|
| Pradeo User Name | Enter the username for your Pradeo environment so Workspace ONE UEM and Pradeo can communicate. |
| Pradeo Password | Enter the password for your Pradeo environment. |
| Pradeo REST API URL | Enter the URL for your Pradeo environment to direct Workspace ONE UEM to the service. |
- Complete the following settings to display and configure the Application Group Creation area.
| Setting | Description |
|---|---|
| Email Notification | Select this check box to display configuration settings for notifications. |
| Send Email To | Enter email addresses to receive notifications about new app groups created by analysis. Use a comma to separate addresses. |
| Message Template | Use Message Preview to see the email that the system sends upon the creation of new app groups using the Vendor Application Group Creation Notification template. |
Results in App Groups
Use Workspace ONE UEM to identify those applications that failed an app scan. Workspace ONE UEM lists them in blacklisted app groups. The system prevents access to applications in blacklisted app groups for security. Deactivate a group if you know the applications are secure for use.
Use the Created By filter to sort the list by Pradeo.
Deactivate Blacklisted App Groups
- Navigate to .
- Locate the Blacklisted app group with the needed application.
- Select the drop-down icon from the actions menu and select Deactivate.
- Workspace ONE UEM does not display them in the list when you build your Compliance policy.
- Workspace ONE UEM removes the deactivated group from all Compliance policies.
Build an application compliance policy that acts on devices with non-compliant applications. Select Application List on the Rules tab and select Contains Vendor Blacklisted App(s) for integration.
To configure the compliance engine to monitor for applications from your reputation scanning system, add the blacklisted app group to the list. If the engine detects blacklisted applications on devices assigned to the compliance rule, the engine acts as configured in the rule.
Results of Reconfiguring Integration
- Disables the Third Party App Scan Analysis.
- Removes the App Scan Integration account information from the Workspace ONE UEM console.
- Removes the blacklisted app groups from the Workspace ONE UEM console created from third-party vendor scans.
- Removes compliance policies created using the blacklisted app groups.
Another way to fix application issues is to deactivate blacklisted app groups. This option might fix issues without removing configurations.
Monitor Integration With Console Events
- App Scan Vendor Application Group Modified
- Application Added To App Scan Vendor Application Group
- Third Party Application Scanning Started
- Error occurred while Third Party Application Scanning
- Reset Perform for Third Party Application Scanning Vendor
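
One way to triage the console events listed above, as an added example that is not VMware or Pradeo code: it flags resets, scan errors and app group changes, and also raises an alert when no scheduled scan has started recently. The pipe-separated export format, the admin names, the severity mapping and the 36-hour window are assumptions of this example.

```python
from datetime import datetime, timedelta

# Event names are the ones listed on this page; severities are this example's assumption.
SEVERITY = {
    "Reset Perform for Third Party Application Scanning Vendor": "high",
    "Error occurred while Third Party Application Scanning": "medium",
    "App Scan Vendor Application Group Modified": "medium",
    "Application Added To App Scan Vendor Application Group": "info",
    "Third Party Application Scanning Started": "info",
}
SCAN_STARTED = "Third Party Application Scanning Started"

# Constructed sample export, hypothetical format: "ISO timestamp|admin|event name".
SAMPLE = """\
2024-05-01T02:00:00|system|Third Party Application Scanning Started
2024-05-01T02:03:10|system|Application Added To App Scan Vendor Application Group
2024-05-02T02:00:00|system|Error occurred while Third Party Application Scanning
2024-05-02T09:41:55|jdoe|App Scan Vendor Application Group Modified
2024-05-03T16:20:31|jdoe|Reset Perform for Third Party Application Scanning Vendor
"""

def parse(text):
    """Yield (timestamp, admin, event) for each well-formed line, skipping the rest."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|", 2)]
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]

def triage(text, now, max_scan_gap=timedelta(hours=36)):
    """Return (severity, timestamp, message) alerts in log order, staleness alert last."""
    alerts, last_scan = [], None
    for ts, admin, event in parse(text):
        if event == SCAN_STARTED:
            last_scan = ts
        sev = SEVERITY.get(event)
        if sev in ("high", "medium"):
            alerts.append((sev, ts, f"{event} (by {admin})"))
    # A reset disables scanning, so a missing "Started" event is itself a signal.
    if last_scan is None or now - last_scan > max_scan_gap:
        alerts.append(("high", now, f"no '{SCAN_STARTED}' event since {last_scan}"))
    return alerts
```

Set `max_scan_gap` to a value slightly longer than the scan schedule used in your deployment.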