After the admin API key is created, you add an admin account and set up certificate authentication in the Workspace ONE UEM console.

For REST API certificate-based authentication, a user level certificate is generated from the Workspace ONE UEM console. The certificate used is a self-signed Workspace ONE UEM certificate generated from the Workspace ONE UEM admin root cert.

When you configure an admin for the certificate, select an admin user from the Active Directory who has a password that does not expire. Because a basic user password can expire, it is not recommended to configure a basic user name and password for the certificate. If the password expires, user sync with Workspace ONE Access directory fails.


The Workspace ONE UEM REST admin API key is created.


  1. In the Workspace ONE UEM console, select the Global > Customer-level organization group and navigate to Accounts > Administrators > List View.
  2. Click Add > Add Admin.
  3. In the page, select Basic and enter the user name and password for the admin user in the Active Directory. Make sure to enter an admin user name with a password that does not expire.
  4. Select the Roles tab and select the current organization group followed by the Role as Console Administrator.
  5. Select the API tab and in the Authentication text box, select Certificates.
  6. Enter the certificate password. The password is the same password entered for the admin on the Basic tab.
  7. Click Save.
    The new admin account and the client certificate are created.
  8. In the List View page, select the admin you created and open the API tab again.
    The certificates page displays information about the certificate.
  9. Enter the password you set in the Certificate Password text box, click Export Client Certificate and save the file.


The client certificate is saved as a .p12 file type.

What to do next

Configure your Workspace ONE UEM URL settings in the Workspace ONE Access console.