You use the Workspace ONE Access APIs to create the magic login link and prepare it to be sent as a link in an email to the pre-hire user.
Create and Return Magic Login Link to Add to Emails
This API produces the login link that can be added to the email.
- Set "domain" to the domain that the pre-hire user belongs to. Enter as domain.mycompany.com.
- Set "userName" to the user name of the pre-hire user. This name is synced in through the Active Directory attribute "userName".
The response is the loginLink, which is the magic link containing the token. Add this loginLink to the email that you send to the pre-hire user.
HTTP Method | POST |
---|---|
Authorization | <AuthHeader> |
ReST Endpoint URL | /token/auth/state (example: https://test.vmwareidentity.com/SAAS/jersey/manager/api/token/auth/state) |
Content-Type | application/vnd.vmware.horizon.manager.tokenauth.generation.request+json |
Accept | application/vnd.vmware.horizon.manager.tokenauth.link.response+json |
Body | { "domain" : "hs.vidmlabs.com", "userName" : "cuser2" } where "domain" is the domain the user belongs to and "userName" is the user name of the pre-hire user, synced in via the AD attribute "userName". |
Sample Response | { "loginLink": "https://hostname.vdim.com/SAAS/auth/login?token=<ALongToken>&userstore=Userstore_7ecdf96d-31ae-4fa7-a810-1873dda9615b", "_links": {} } where loginLink is the magic link containing the token. |
Errors - HTTP Status Code Summary
The following response codes indicate the success or failure of the API request.
Status Code | Description | Remediation |
---|---|---|
200 - OK | Request served successfully. | |
400 - user.not.found | A user could not be identified using the parameters passed in the body. | Ensure that the user name and domain are correctly passed. |
400 - token.auth.invalid.group | The user does not belong to the AD group that was configured for this token. | Ensure that the user is in the correct group. |
409 - token.auth.token.already.exists | A token was already generated for the user, so a fresh one cannot be generated. | Delete the existing token and try again. See Delete the Generated Magic Link Token in Workspace ONE Access. |
500 - multiple causes | Something went wrong on the server while generating the token. | Contact VMware Workspace ONE Access support team. |
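An added example, not VMware's code: Python that builds the request described above, checks that the returned loginLink is an HTTPS link to the expected host and carries a token before it goes into an email, masks the token for logging, and maps the documented error codes to their remediation. The function names, the `expected_host` parameter, the `access.example.com` sample and the assumption that the error code string appears somewhere in the error response body are not from this page.

```python
import json
import urllib.request
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

REQ_TYPE = "application/vnd.vmware.horizon.manager.tokenauth.generation.request+json"
RESP_TYPE = "application/vnd.vmware.horizon.manager.tokenauth.link.response+json"

# Remediation text from the status-code table on this page.
REMEDIATION = {
    "user.not.found": "check that the user name and domain are passed correctly",
    "token.auth.invalid.group": "ensure the user is in the correct AD group",
    "token.auth.token.already.exists": "delete the existing token and try again",
}

def build_request(api_base, auth_header, domain, user_name):
    """POST <api_base>/token/auth/state with the media types the API expects."""
    body = json.dumps({"domain": domain, "userName": user_name}).encode()
    headers = {"Authorization": auth_header, "Content-Type": REQ_TYPE, "Accept": RESP_TYPE}
    return urllib.request.Request(api_base.rstrip("/") + "/token/auth/state",
                                  data=body, headers=headers, method="POST")

def redact(link):
    """Mask the token value so the link can be written to logs."""
    p = urlsplit(link)
    query = [(k, "REDACTED" if k == "token" else v) for k, v in parse_qsl(p.query)]
    return urlunsplit(p._replace(query=urlencode(query)))

def handle_response(status, body_text, expected_host):
    """Return a validated loginLink on 200; raise with the page's remediation otherwise."""
    if status == 200:
        link = json.loads(body_text)["loginLink"]
        p = urlsplit(link)
        if p.scheme != "https" or p.hostname != expected_host:
            raise ValueError("loginLink is not an HTTPS link to the expected host")
        if not dict(parse_qsl(p.query)).get("token"):
            raise ValueError("loginLink carries no token")
        return link
    for code, fix in REMEDIATION.items():
        if code in body_text:  # assumption: the error code string appears in the body
            raise RuntimeError(f"{status} {code}: {fix}")
    raise RuntimeError(f"{status}: unrecognized error; contact support")

# Constructed sample response, shaped like the Sample Response on this page.
SAMPLE_OK = json.dumps({"loginLink": "https://access.example.com/SAAS/auth/login"
                        "?token=constructed-token&userstore=Userstore_example", "_links": {}})
```

Send the request with `urllib.request.urlopen`; on a 4xx or 5xx status it raises `urllib.error.HTTPError`, whose `code` and body can be passed to `handle_response`.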
Sample Magic Link Email
Because pre-hires do not have a company email address in Active Directory before their start date, the magic link email should be sent through an external system.
Here is an example of an email that includes the magic link.