After the admin API key is created, you add an admin account and set up certificate authentication in the Workspace ONE UEM console.

For REST API certificate-based authentication, a user level certificate is generated from the Workspace ONE UEM console. The certificate used is a self-signed Workspace ONE UEM certificate generated from the Workspace ONE UEM admin root cert.

When you configure admin for the certificate, select an admin user from the Active Directory who has a password that does not expire. Because a basic user password can expire, it is not recommended to configure a basic user name and password for the certificate. If the password expires, user sync with VMware Identity Manager directory fails.

Prerequisites

The Workspace ONE UEM REST admin API key is created.

Procedure

  1. In the Workspace ONE UEM console, select the Global > Customer-level organization group and navigate to Accounts > Administrators > List View.
  2. Click Add > Add Admin.
  3. In the page, select the Director tab to select an admin that is configured in the Active Directory. Enter the certificate admin user name and password in the required text boxes. Make sure to enter an admin user name with a password that does not expire.
  4. Select the Roles tab and select the current organization group and click the second text box and select AirWatch Administrator.
  5. Select the API tab and in the Authentication text box, select Certificates.
  6. Enter the certificate password. The password is the same password entered for the admin on the Basic tab.
  7. Click Save.

    The new admin account and the client certificate are created.

  8. In the List View page, select the admin you created and open the API tab again.

    The certificates page displays information about the certificate.

  9. Enter the password you set in the Certificate Password text box, click Export Client Certificate and save the file.

Results

The client certificate is saved as a .p12 file type.

What to do next

Configure your Workspace ONE UEM URL settings in the VMware Identity Manager console.