You use the Workspace ONE Access APIs to create the magic login link and prepare it to be sent as a link in an email to the pre-hire user.

Create and Return Magic Login Link to Add to Emails

This API produces the login link that can be added to the email. Use this API when the pre-hire email address is not available in Active Directory.

  1. Set "domain" to the domain that the pre-hire user belongs to. Enter as domain.mycompany.com.
  2. Set "userName" to the user name of the pre-hire users. This name is synced in through the Active Directory attribute "userName"

The response is the loginLink that is the magic link containing the token. You add this loginLink to the email that your send to the pre-hire user.

HTTP Method POST
Authorization

<AuthHeader>

ReST Endpoint URL

/token/auth/state

Example

https://test.vmwareidentity.com/SAAS/jersey/manager/api/token/auth/state

Content-Type application/vnd.vmware.horizon.manager.tokenauth.generation.request+json
Accept application/vnd.vmware.horizon.manager.tokenauth.link.response+json
Body
{
"domain" : "hs.vidmlabs.com", //the domain the user belongs to
"userName" : "cuser2" // userName of the pre-hire user. This is synced in via the AD attribute "userName"
}
Sample Response
{"loginLink": "https://hostname.vdim.com/SAAS/auth/login?token=<ALongToken>&userstore=Userstore_7ecdf96d-31ae-4fa7-a810-1873dda9615b",
"_links": {}
}

loginLink is the magic link containing the token.

Errors - HTTP Status Code Summary

The response codes to indicate the success or failure of the API request are as follows.

Status Code Description Remediation
200 - OK Request served successfully.
400 - user.not.found A user could not be identified using the parameters passed in the body. Ensure that the user name and domain are correctly passed.
400 - token.auth.invalid.group The user does not belong to the AD group that was configured for this token. Ensure that the user is in the correct group.
409 - token.auth.token.already.exists A token was already generated for the user, cannot generate a fresh one. Delete the existing token and try again. See Delete the Generated Magic Link Token in Workspace ONE Access.
500 - multiple causes Something went wrong on the server while generating the token. Contact VMware Workspace ONE Access support team.

Create Magic Link and Email That is Sent to Pre-Hires

This API produces an email with the magic link and sends the email to the pre-hire user. Use this API when the pre-hire email address is available in Active Directory.

  1. Set "domain" to the domain that the pre-hire user belongs to. Enter as domain.mycompany.com.
  2. Set "userName" to the username of the pre-hire users. This name is synced through the Active Directory attribute "userName".
HTTP Method POST
Authorization

<AuthHeader>

ReST Endpoint URL

/token/auth/state

Example

https://test.vmwareidentity.com/SAAS/jersey/manager/api/token/auth/state

Content-Type application/vnd.vmware.horizon.manager.tokenauth.generation.request+json
Accept application/vnd.vmware.horizon.manager.tokenauth.email.response+json
Body

Values within angle brackets (< >) are example values. When replacing the example value, remove the angle brackets.

{
"domain" : "<hs.vidmlabs.com>", //the domain the user belongs to
"userName" : "<cuser2>" // userName of the pre-hire user. This is synced in via the AD attribute "userName"
}
Sample Response
{}

Errors - HTTP Status Code Summary

The response codes to indicate the success or failure of the API request are as follows.

Status Code Description Remediation
200 - OK Request served successfully.
400 - user.not.found A user could not be identified using the parameters passed in the body. Ensure that user name and domain are correctly passed.
400 - token.auth.invalid.group The user does not belong to the AD group that was configured for this token. Ensure that the user is in the correct group.
400 - token.auth.missing.email.attribute The user's email was not found. Ensure that the user's email is present in the attribute configured to use token auth.
409 - token.auth.token.already.exists A token was already generated for the user, cannot generate a fresh one. Delete the existing token and try again. See Delete the Generated Magic Link Token in Workspace ONE Access.
500 - multiple causes Something went wrong on the server when generating the token or sending the email. check if SMTP was configured correctly. Contact VMware Workspace ONE Access support team.

Sample Magic Link Email

Because pre-hires do not have a company email address in Active Directory before their start date, the magic link email should be sent through an external system.

Here is an example of an email that includes the magic link.

Workspace ONE Intelligent Hub Welcome Example