After the admin API key is created, you add an admin account and set up certificate authentication in the Workspace ONE UEM console.

For REST API certificate-based authentication, a user level certificate is generated from the Workspace ONE UEM console. The certificate used is a self-signed Workspace ONE UEM certificate generated from the Workspace ONE UEM admin root cert.


The Workspace ONE UEM REST admin API key is created.


  1. In the Workspace ONE UEM console, select the Global > Customer-level organization group and navigate to Accounts > Administrators > List View.
  2. Click Add > Add Admin.
  3. In the Basic tab, enter the certificate admin user name and password in the required text boxes.

  4. Select the Roles tab and choose the current organization group and click the second text box and select AirWatch Administrator.
  5. Select the API tab and in the Authentication text box, select Certificates.
  6. Enter the certificate password. The password is the same password entered for the admin on the Basic tab.
  7. Click Save.

    The new admin account and the client certificate are created.

  8. In the List View page, select the admin you created and open the API tab again.

    The certificates page displays information about the certificate.

  9. Enter the password you set in the Certificate Password text box, click Export Client Certificate and save the file.


The client certificate is saved as a .p12 file type.

What to do next

Configure your Workspace ONE UEM URL settings in the VMware Identity Manager console.