Skip to main content
Sign in

Creating an extended integration for VMware Workspace ONE assets

  • August 30, 2023 13:36
  • Updated

Let Oomnitza be your single source of truth!

You'll get complete visibility of your assets as data from Workspace ONE is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and Workspace ONE in minutes

  • Configurable dashboards and list views of key asset information
  • Configurable reports to share information about your assets with your colleagues and management
  • Configurable workflows that you can easily create to automate tasks such as :
    • activating, updating, deleting, and installing applications on devices in Workspace ONE.
    • assigning and removing Smart Groups to applications on devices in Workspace ONE.

Navigation

small_blue_link.svgAdd credentials to the vault in Oomnitza

small_blue_link.svgIntegrate Workspace ONE with Oomnitza

small_blue_link.svg Creating a workflow

Before you start

Best practice
For the integration with Oomnitza, create a dedicated user account.

You will need the following information to create the Workspace ONE integration with Oomnitza:

Workspace ONE OAuth credentials

Workspace ONE uses OAuth2.0 for authentication and requires a Client ID and Client Secret from Workspace ONE to activate in Oomnitza.

Creating an OAuth token in UEM is quite simple.

  1. Go to Groups & Settings > Configurations.
  2. Search for OAuth.
  3. Click OAuth Client Management
  4. Click Add.
  5. In the Register a New Client screen, complete the fields.
    1. Name
    2. Description:
    3. Organization Group: The group that this OAuth token will have access to. 
    4. Role: The level of permissions this token will give. The best practice is to create a list privileged role that only has access to the API areas required. 
    5. Status: Ensure this is enabled.
  6. Click Save.
  7. Copy the Client ID and Secret for use in Oomnitza.

You should note the following when working with Workspace ONE OAuth:

  • By default, OAuth access tokens remain valid for 3600 seconds (1 hour). 
  • As an organization owner, you can regenerate the app secret of an OAuth app in your organization. This is useful if the organization owner who created the OAuth app is no longer with your corporation and you want to continue running the app. 
  •  Only organization owners, or organization members with the Developer role, can create and manage OAuth devices.

Refer to the VMWare documentation for more information. 

Workspace ONE API Server URL

In addition to the Client ID and Client Secret, you will also need to supply your Workspace API Server URL. The Server URL is the same as the Console URL, with the value 'cn' replaced with 'as'. The following is the list of Console server URLs and their corresponding API server URL.

Environment Console Server URL API Server URL
CN1014  https://cn1014.awmdm.com  https://as1014.awmdm.com
CN1015  https://cn1015.awmdm.com  https://as1015.awmdm.com
CN1016  https://cn1016.awmdm.com  https://as1016.awmdm.com
CN1022  https://cn1022.awmdm.com  https://as1022.awmdm.com
CN1106  https://cn1106.awmdm.com  https://as1106.awmdm.com
CN1108  https://cn1108.awmdm.com  https://as1108.awmdm.com
CN1109  https://cn1109.awmdm.com  https://as1109.awmdm.com
CN1174  https://cn1174.awmdm.com  https://as1174.awmdm.com
CN118  https://cn118.awmdm.com  https://as118.awmdm.com
CN1300  https://cn1300.awmdm.com  https://as1300.awmdm.com
CN1375  https://cn1375.awmdm.com  https://as1375.awmdm.com
CN1380  https://cn1380.awmdm.com  https://as1380.awmdm.com
CN1498  https://cn1498.awmdm.com  https://as1498.awmdm.com
CN1506  https://cn1506.awmdm.com  https://as1506.awmdm.com
CN156  https://cn156.awmdm.com  https://as156.awmdm.com
CN157  https://cn157.awmdm.com  https://as157.awmdm.com
CN16  https://cn16.airwatchportals.com  https://as16.airwatchportals.com
CN1645  https://cn1645.awmdm.com  https://as1645.awmdm.com
CN1678  https://cn1678.awmdm.com  https://as1678.awmdm.com
CN1687  https://cn1687.awmdm.com  https://as1687.awmdm.com
CN1688  https://cn1688.awmdm.com  https://as1688.awmdm.com
CN1689  https://cn1689.awmdm.com  https://as1689.awmdm.com
CN22  https://cn22.airwatchportals.com  https://as22.airwatchportals.com
CN135 https://cn135.awmdm.com https://as135.awmdm.com
CN239  https://cn239.awmdm.com  https://as239.awmdm.com
CN257  https://cn257.awmdm.com  https://as257.awmdm.com
CN258  https://cn258.awmdm.com  https://as258.awmdm.com
CN259  https://cn259.awmdm.com  https://as259.awmdm.com
CN274  https://cn274.awmdm.com  https://as274.awmdm.com
CN32  https://cn32.airwatchportals.com  https://as32.airwatchportals.com
CN33  https://cn33.airwatchportals.com  https://as33.airwatchportals.com
CN356  https://beta3.awmdm.com  https://as356.awmdm.com
CN366  https://cn366.awmdm.com  https://as366.awmdm.com
CN420  https://cn420.awmdm.com  https://as420.awmdm.com
CN500  https://cn500.airwatchportals.com  https://as500.airwatchportals.com
CN503  https://cn503.awmdm.co.uk  https://as503.awmdm.co.uk
CN504  https://cn504.awmdm.jp  https://as504.awmdm.jp
CN510  https://cn510.awmdm.sg  https://as510.awmdm.sg
CN531  https://cn531.awmdm.com  https://as531.awmdm.com
CN532  https://cn532.awmdm.com  https://as532.awmdm.com
CN556  https://cn556.awmdm.com  https://as556.awmdm.com
CN628  https://cn628.awmdm.com  https://as628.awmdm.com
CN700  https://cn700.awmdm.com  https://as700.awmdm.com
CN705  https://cn705.awmdm.com  https://as705.awmdm.com
CN706  https://cn706.awmdm.com  https://as706.awmdm.com
CN763  https://cn763.awmdm.com  https://as763.awmdm.com
CN800  https://cn800.airwatchportals.com  https://as800.airwatchportals.com
CN801  https://cn801.awmdm.com  https://as801.awmdm.com
CN802  https://cn802.awmdm.com  https://as802.awmdm.com
CN857  https://cn857.awmdm.com  https://as857.awmdm.com
CN858  https://cn858.awmdm.com  https://as858.awmdm.com
CN888  https://cn888.awmdm.com  https://as888.awmdm.com

For more information, see VM Ware API documentation: Use API server URL for Workspace ONE UEM REST API calls

Workspace ONE API Region

Refer to the below table when adding your Workspace ONE region to Oomnitza.

Region Workspace ONE UEM SaaS Data Center Location API Region
Ohio (United States) All UAT environment uat
Virginia (United States) United States na
Virginia (United States) Canada na
Frankfurt (Germany) United Kingdom emea
Frankfurt (Germany) Germany emea
Tokyo (Japan) India apac
Tokyo (Japan) Japan apac
Tokyo (Japan) Singapore apac
Tokyo (Japan) Australia apac
Tokyo (Japan) Hong Kong apac

For more information, see VM Ware API documentation: Using UEM Functionality With a REST API

Add credentials to the vault in Oomnitza

To authorize connections between Oomnitza and Workspace ONE, complete these steps:

  1. In Oomnitza, click Configuration > Security > Credentials.
  2. Click Add new credential (+).
  3. Search for the integration, and then click the forward button > to select the integration.
  4. Enter your client credentials and any other additional information.
  5. Click Authenticate. You are prompted to log in to authorize your request.
  6. Click CREATE.

Information
If the integration is not listed, click Advanced Mode, and add your credentials.

  1. Add the information details.
  2. Ensure that OAuth 2.0 is selected as the Authorization type.
  3. Ensure that VMware Workspace ONE is selected from the SaaS list.
  4. Enter the Client ID and Client Secret obtained above. 
  5. Enter the API Region
  6. Save your changes.

You use the credentials that you added to create and customize your Workspace ONE integration with Oomnitza.

Integrate Workspace ONE with Oomnitza

  1. In Oomnitza, click Configuration> Integrations> Overview.
  2. Click Block view block_view.PNG
  3. Scroll down to the Extended section for asset integrations.
  4. Click NEW INTEGRATION.
  5. Select the integration in the sidebar.
  6. Click ADD.

Integration Overview

More information is provided about the following fields to help you complete the integration:

  • Integration preferences:  By default, the option Create & Update is selected, which allows for editing existing asset records and adding new ones. If your goal is only to edit existing asset records, choose Update Only. On the other hand, if you only want to add new records, select Create Only.

Integration details

To review or update the integrations details, click the pencil:

  1. Update the integration name if necessary. 
  2. For installation type decide whether you want to store the credentials locally or in Oomnitza:
    1. Select Local if you want to store credentials locally. This mode does not support OAuth or AWS authentication.
    2. Select Cloud if you want to store credentials in your Oomnitza instance.
  3. For integration preferences, select an option.
  4. Enter the name of the integration user.

Credential details

Choose one of the following options:

  • Select the credentials that were created for the integration.
  • Edit the credentials that were created for the integration.
  • Create new credentials

Schedule

By default, user data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

  1. Click the pencil.
  2. Configure your schedule.
  3. Click Update.

Mappings

To map the fields to Oomnitza, click the pencil.

Creating custom mappings

Map the Workspace ONE fields to Oomnitza fields and create custom mappings to get the user information that you need.

Complete these actions:

  1. Click Smart Mapping to automatically map the fields. Values from the integration can also be dragged to the appropriate field on the Oomnitza side, or selected from the integration field dropdown.
  2. Create a custom mapping for the Device ID. To create a custom mapping, complete the following steps:
    1. Click the down arrow on the ID field.
    2. Select Add new Oomnitza field.
    3. Change the name of the field to Device ID or similar.
    4. Select the Unique checkbox if you want to use this custom field as the sync key.
    5. Click CREATE
  3. Select a sync key, such as the Device ID or Serial Number. The field must have unique values.
  4. Click UPDATE.
  5.  

Custom mappings

AC Line Status
Asset Number
Compliance Status
Compromised Status
Device Current Mobile Country Code
Device Friendly Name
Device SIM Mobile Country Code
Enrollment Status
ID
IMEI
Is Supervised
Last Compliance Check On
Last Compromised Check On
Last Enrolled On
Last Seen
Location Group ID
Location Group Name
Mac Address
Model
Model ID
Operating System
Ownership
Phone Number
Platform
Platform ID
Platform Name
Serial Number
UDID
User Email Address
User ID
User Name
Virtual Memory

Did you know? 
You can define rules for your integration by selecting Edit integration edit_integration.svg on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.  

You can add new fields to your integration by selecting Add new field  add_grey_rectangel_icon.svg on the mapping page. All you need to do is specify the property name. See Creating custom API fields. 

Launching the integration

Your integration is in Draft mode until all the required mandatory fields are added. Once you have added all of the required fields, select Launch to activate your integration. 

small_blue_link.svg If you selected Cloud as the installation type when creating the integration, refer to Running an extended integration

small_blue_link.svg If you selected Local as the installation type when creating the integration, refer to Running an extended integration locally.

Getting your results
To view the information that is collected about your assets, click Assets. To view the information about software, click the Software tab.  
To view the information that is collected about your users, click People. If you selected User plus SaaS User when running the user integration, you can also find a list of users in the Software > SaaS menu

Related Links

Creating a workflow

Prerequisites

Before you create workflows, you should set your subdomain as a global variable:

  1. Click Configuration > General > Global Settings.
  2. Click Add new variable (+).
  3. Add the WorkspaceONEUEM.Subdomain variable and its value. The value is the name of your API Server URL. If your Workspace ONE Server URL is https://as858.awmdm.comyour subdomain would be: as858. You do not need to supply the awmdm.comas it is automatically appended.
  4. Save your changes.

Creating asset workflows with the API block

To create an asset workflow, you must complete these steps:  

  1. Click Configuration > Workflows 
  2. Click Add (+) and select Assets from the list.
  3. Edit the Begin Block and add rules to trigger the workflow. For example, if you set the  Actions to New, the workflow will run for every new asset record added to Oomnitza.
  4. Drag and drop the API block onto the Sandbox.
  5. Click Edit on the API block and enter VMWare in the search field. 
  6. Select a preset from the list below. To choose a preset, click the forward arrow (>).
  7. Select your correct Workspace ONE Credentials that you created in Add credentials to the vault in Oomnitza.
  8. Your Subdomain should be derived from the variable you created previously. 
  9. Enter any mandatory information when prompted. 
  10. Select Advanced Mode.
  11. Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field. 
  12. Connect the Blocks. 
  13. Save, validate, and activate your workflow.

Activate Device Profile

Activates a device profile using the Profile ID.

Activate Enrollment User

Activates the Enrollment User using the User ID.

Activate Internal Application 

Enables administrators to activate an internal mobile application in Workspace ONE. If the application is already active, the workflow will proceed down the negative/exit path. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the internal application to be activated.

Activate Public Application 

Enables administrators to activate a public mobile application in Workspace ONE. If the application is already active, the workflow will proceed down the negative/exit path. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the public application to be activated.

Add Console Admin User (Basic)

Creates a console admin user of security type basic in the desired organization group.

Add Console Admin User (Directory)

Creates an admin user with directory credentials in the desired organization group.

Add Enrollment User (Basic)

Adds a basic device enrollment user to the desired organization group.

Add Enrollment User (Directory)

Adds a directory device enrollment user to the desired organization group.

Assign Smart Group to Internal Application 

Enables administrators to assign a Smart Group to an internal mobile application in Workspace ONE. Devices that belong to the designated Smart Group are automatically provisioned over-the-air with the specified application.

Assign Smart Group to Public Application 

Enables administrators to assign a Smart Group to a public mobile application in Workspace ONE. Devices that belong to the designated Smart Group are automatically provisioned over-the-air with the specified application.

Change Console Admin User Password

Changes the password of the console admin user.

Change Device Passcode

Changes the passcode of the device which is used for unlocking it.

Clear Passcode on Device

Clears the passcode of the device.

Deactivate Device Profile

Deactivates a device profile by Profile ID.

Deactivate Enrollment User

Deactivates the enrollment user specified in the User ID.

Deactivate Internal Application 

Enables administrators to deactivate an internal mobile application in Workspace ONE. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the internal application to be deactivated.

Deactivate Public Application 

Enables administrators to deactivate a public mobile application in Workspace ONE. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the public application to be deactivated.

Delete Console Admin User

Deletes a specified console admin user identified by its user ID of an organization group.

Delete Device

Deletes the device information and un-enrolls the device

Delete Internal Application 

Enables administrators to delete an internal mobile application from Workspace ONE. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the internal application to be deleted.

 Delete Public Application 

Enables administrators to delete a public mobile application from Workspace ONE. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the public application to be deleted.

Enterprise Wipe a Device

Sends an Enterprise Wipe command to the device identified by Device ID.

Get Device Network Info

Retrieves the network information of the device by Device ID.

Install Device Profile

Installs a profile on a device using the Profile ID and Serial Number.

Install Internal Application on Device 

Enables administrators to install an internal mobile application on a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be installed.

By default, the Serial Number is used to identify the device. To use a different identifier for the device:

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.

Install Public Application on Device 

Enables administrators to install a public mobile application on a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be installed.

By default, the Serial Number is used to identify the device. To use a different identifier for the device:

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.

Install Purchased Application on Device 

Enables administrators to install a purchased mobile application on a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be installed.

By default, the Serial Number is used to identify the device. To use a different identifier for the device:

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.

Internal Application Save 

Enables administrators to save a new internal mobile application in Workspace ONE. The following details are required when saving the new application:

  • Blob Id. Prior to this API call, you should have obtained a Blob Id as a result of POSTing a binary file to /api/mam/blobs/uploadblob. 
  • App Name. The desired application name.
  • Developer Email. The email address of the developer.
  • App Version. The version of the application.
  • File Name. The name of the binary file (including extension) posted to /api/mam/blobs/uploadblob. 

Lock Device

Sends a Lock Device command to the device identified by Device ID

Remove Device Profile

Removes the profile from the device identified by the Profile ID.

Remove Smart Group from Internal Application 

Enables administrators to remove a Smart Group from an internal mobile application in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Smart Group ID must be specified to indicate which items are to be disassociated.

Remove Smart Group from Public Application

Enables administrators to remove a Smart Group from a public mobile application in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Smart Group ID must be specified to indicate which items are to be disassociated.

Retire Internal Application 

Enables administrators to retire an internal mobile application within Workspace ONE. If the application is already retired, the workflow will proceed down the negative/exit path. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the internal application to be retired.

Sync Device

Sends a Device Sync command to the device identified by Device ID.

Uninstall Internal Application from Device 

Enables administrators to uninstall an internal mobile application from a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be uninstalled.

By default, the Serial Number is used to identify the device. To use a different identifier for the device:

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.

Uninstall Public Application from Device 

Enables administrators to uninstall a public mobile application from a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be uninstalled.

By default, the Serial Number is used to identify the device. To use a different identifier for the device:

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.

Uninstall Purchased Application from Device preset

Enables administrators to uninstall a purchased mobile application from a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be uninstalled.

By default, the Serial Number is used to identify the device. To use a different identifier for the device:

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.

Unretire Internal Application 

Enables administrators to unretire an internal mobile application within Workspace ONE. If the application is already unretired, the workflow will proceed down the negative/exit path. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the internal application to be unretired.

Update Admin User

Updates the specified admin user.

Update Internal Application 

Enables administrators to update an internal mobile application's details within Workspace ONE. The following details are required when updating the application:

  • App ID. The unique internal application identifier to be updated.
  • App Rank. The application rank.
  • App Name. The desired application name.
  • Auto Update Version. Defines if the application can be updated automatically. Boolean/False.
  • Build Number. The build version of the file.
  • Major Version. The major version of the file.
  • Minor Version. The minor version of the file.
  • Developer Email. The email address of the developer.
  • Developer Phone. The phone number of the developer.
  • Enable Provisioning. The provisioning status. Supported value is Boolean/False.
  • Patch Type. The type of the uploaded patch. 
  • Push Mode. The deployment mode for the applications. The values are 'auto' and 'ondemand’.
  • Support Email. User defined email address of support.
  • Support Phone. User defined phone number of support.

Update Removal Logs 

Enables administrators to update the removal logs in Workspace ONE. The following details are required when updating the logs:

  • Threshold Id. The identifier for the log record.
  • New Threshold Status. The action taken or to be taken by the administrator on the
    held commands. The values can be:
    • Held for admin approval
    • Commands released to devices
    • Commands dismissed from the queue.
  • Organization Group ID. The unique identifier of the Organization Group.

Related Links

small_blue_link.svgMDM (Mobile Device Management) REST API V1

small_blue_link.svg VMware AirWatch REST API Guide 

Reference articles for workflows

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

  • Configure dashboards for your users and software
  • Configure custom reports about your users and software
  • Create workflows to automate tasks

See small_blue_link.svg Getting started for more information.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.