Let Oomnitza be your single source of truth!
You'll get complete visibility of your assets as data from Workspace ONE is automatically transformed into consumable information and actionable insights.
Connect Oomnitza and Workspace ONE in minutes
- Configurable dashboards and list views of key asset information
- Configurable reports to share information about your assets with your colleagues and management
- Configurable workflows that you can easily create to automate tasks such as :
- activating, updating, deleting, and installing applications on devices in Workspace ONE.
- assigning and removing Smart Groups to applications on devices in Workspace ONE.
Navigation
Add credentials to the vault in Oomnitza
Integrate Workspace ONE with Oomnitza
Before you start
Best practice
For the integration with Oomnitza, create a dedicated user account.
You will need the following information to create the Workspace ONE integration with Oomnitza:
Workspace ONE OAuth credentials
Workspace ONE uses OAuth2.0 for authentication and requires a Client ID and Client Secret from Workspace ONE to activate in Oomnitza.
Creating an OAuth token in UEM is quite simple.
- Go to Groups & Settings > Configurations.
- Search for OAuth.
- Click OAuth Client Management
- Click Add.
- In the Register a New Client screen, complete the fields.
- Name:
- Description:
- Organization Group: The group that this OAuth token will have access to.
- Role: The level of permissions this token will give. The best practice is to create a list privileged role that only has access to the API areas required.
- Status: Ensure this is enabled.
- Click Save.
- Copy the Client ID and Secret for use in Oomnitza.
You should note the following when working with Workspace ONE OAuth:
- By default, OAuth access tokens remain valid for 3600 seconds (1 hour).
- As an organization owner, you can regenerate the app secret of an OAuth app in your organization. This is useful if the organization owner who created the OAuth app is no longer with your corporation and you want to continue running the app.
- Only organization owners, or organization members with the Developer role, can create and manage OAuth devices.
Refer to the VMWare documentation for more information.
Workspace ONE API Server URL
In addition to the Client ID and Client Secret, you will also need to supply your Workspace API Server URL. The Server URL is the same as the Console URL, with the value 'cn' replaced with 'as'. The following is the list of Console server URLs and their corresponding API server URL.
Environment | Console Server URL | API Server URL |
CN1014 | https://cn1014.awmdm.com | https://as1014.awmdm.com |
CN1015 | https://cn1015.awmdm.com | https://as1015.awmdm.com |
CN1016 | https://cn1016.awmdm.com | https://as1016.awmdm.com |
CN1022 | https://cn1022.awmdm.com | https://as1022.awmdm.com |
CN1106 | https://cn1106.awmdm.com | https://as1106.awmdm.com |
CN1108 | https://cn1108.awmdm.com | https://as1108.awmdm.com |
CN1109 | https://cn1109.awmdm.com | https://as1109.awmdm.com |
CN1174 | https://cn1174.awmdm.com | https://as1174.awmdm.com |
CN118 | https://cn118.awmdm.com | https://as118.awmdm.com |
CN1300 | https://cn1300.awmdm.com | https://as1300.awmdm.com |
CN1375 | https://cn1375.awmdm.com | https://as1375.awmdm.com |
CN1380 | https://cn1380.awmdm.com | https://as1380.awmdm.com |
CN1498 | https://cn1498.awmdm.com | https://as1498.awmdm.com |
CN1506 | https://cn1506.awmdm.com | https://as1506.awmdm.com |
CN156 | https://cn156.awmdm.com | https://as156.awmdm.com |
CN157 | https://cn157.awmdm.com | https://as157.awmdm.com |
CN16 | https://cn16.airwatchportals.com | https://as16.airwatchportals.com |
CN1645 | https://cn1645.awmdm.com | https://as1645.awmdm.com |
CN1678 | https://cn1678.awmdm.com | https://as1678.awmdm.com |
CN1687 | https://cn1687.awmdm.com | https://as1687.awmdm.com |
CN1688 | https://cn1688.awmdm.com | https://as1688.awmdm.com |
CN1689 | https://cn1689.awmdm.com | https://as1689.awmdm.com |
CN22 | https://cn22.airwatchportals.com | https://as22.airwatchportals.com |
CN135 | https://cn135.awmdm.com | https://as135.awmdm.com |
CN239 | https://cn239.awmdm.com | https://as239.awmdm.com |
CN257 | https://cn257.awmdm.com | https://as257.awmdm.com |
CN258 | https://cn258.awmdm.com | https://as258.awmdm.com |
CN259 | https://cn259.awmdm.com | https://as259.awmdm.com |
CN274 | https://cn274.awmdm.com | https://as274.awmdm.com |
CN32 | https://cn32.airwatchportals.com | https://as32.airwatchportals.com |
CN33 | https://cn33.airwatchportals.com | https://as33.airwatchportals.com |
CN356 | https://beta3.awmdm.com | https://as356.awmdm.com |
CN366 | https://cn366.awmdm.com | https://as366.awmdm.com |
CN420 | https://cn420.awmdm.com | https://as420.awmdm.com |
CN500 | https://cn500.airwatchportals.com | https://as500.airwatchportals.com |
CN503 | https://cn503.awmdm.co.uk | https://as503.awmdm.co.uk |
CN504 | https://cn504.awmdm.jp | https://as504.awmdm.jp |
CN510 | https://cn510.awmdm.sg | https://as510.awmdm.sg |
CN531 | https://cn531.awmdm.com | https://as531.awmdm.com |
CN532 | https://cn532.awmdm.com | https://as532.awmdm.com |
CN556 | https://cn556.awmdm.com | https://as556.awmdm.com |
CN628 | https://cn628.awmdm.com | https://as628.awmdm.com |
CN700 | https://cn700.awmdm.com | https://as700.awmdm.com |
CN705 | https://cn705.awmdm.com | https://as705.awmdm.com |
CN706 | https://cn706.awmdm.com | https://as706.awmdm.com |
CN763 | https://cn763.awmdm.com | https://as763.awmdm.com |
CN800 | https://cn800.airwatchportals.com | https://as800.airwatchportals.com |
CN801 | https://cn801.awmdm.com | https://as801.awmdm.com |
CN802 | https://cn802.awmdm.com | https://as802.awmdm.com |
CN857 | https://cn857.awmdm.com | https://as857.awmdm.com |
CN858 | https://cn858.awmdm.com | https://as858.awmdm.com |
CN888 | https://cn888.awmdm.com | https://as888.awmdm.com |
For more information, see VM Ware API documentation: Use API server URL for Workspace ONE UEM REST API calls.
Workspace ONE API Region
Refer to the below table when adding your Workspace ONE region to Oomnitza.
Region | Workspace ONE UEM SaaS Data Center Location | API Region |
---|---|---|
Ohio (United States) | All UAT environment | uat |
Virginia (United States) | United States | na |
Virginia (United States) | Canada | na |
Frankfurt (Germany) | United Kingdom | emea |
Frankfurt (Germany) | Germany | emea |
Tokyo (Japan) | India | apac |
Tokyo (Japan) | Japan | apac |
Tokyo (Japan) | Singapore | apac |
Tokyo (Japan) | Australia | apac |
Tokyo (Japan) | Hong Kong | apac |
For more information, see VM Ware API documentation: Using UEM Functionality With a REST API
Add credentials to the vault in Oomnitza
To authorize connections between Oomnitza and Workspace ONE, complete these steps:
- In Oomnitza, click Configuration > Security > Credentials.
- Click Add new credential (+).
- Search for the integration, and then click the forward button > to select the integration.
- Enter your client credentials and any other additional information.
- Click Authenticate. You are prompted to log in to authorize your request.
- Click CREATE.
Information
If the integration is not listed, click Advanced Mode, and add your credentials.
- Add the information details.
- Ensure that OAuth 2.0 is selected as the Authorization type.
- Ensure that VMware Workspace ONE is selected from the SaaS list.
- Enter the Client ID and Client Secret obtained above.
- Enter the API Region.
- Save your changes.
You use the credentials that you added to create and customize your Workspace ONE integration with Oomnitza.
Integrate Workspace ONE with Oomnitza
- In Oomnitza, click Configuration> Integrations> Overview.
- Click Block view
- Scroll down to the Extended section for asset integrations.
- Click NEW INTEGRATION.
- Select the integration in the sidebar.
- Click ADD.
Integration Overview
More information is provided about the following fields to help you complete the integration:
- Integration preferences: By default, the option Create & Update is selected, which allows for editing existing asset records and adding new ones. If your goal is only to edit existing asset records, choose Update Only. On the other hand, if you only want to add new records, select Create Only.
Integration details
To review or update the integrations details, click the pencil:
- Update the integration name if necessary.
- For installation type decide whether you want to store the credentials locally or in Oomnitza:
- Select Local if you want to store credentials locally. This mode does not support OAuth or AWS authentication.
- Select Cloud if you want to store credentials in your Oomnitza instance.
- For integration preferences, select an option.
- Enter the name of the integration user.
Credential details
Choose one of the following options:
- Select the credentials that were created for the integration.
- Edit the credentials that were created for the integration.
- Create new credentials
Schedule
By default, user data is streamed to Oomnitza once every day.
You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.
- Click the pencil.
- Configure your schedule.
- Click Update.
Mappings
To map the fields to Oomnitza, click the pencil.
Creating custom mappings
Map the Workspace ONE fields to Oomnitza fields and create custom mappings to get the user information that you need.
Complete these actions:
- Click Smart Mapping to automatically map the fields. Values from the integration can also be dragged to the appropriate field on the Oomnitza side, or selected from the integration field dropdown.
- Create a custom mapping for the Device ID. To create a custom mapping, complete the following steps:
- Click the down arrow on the ID field.
- Select Add new Oomnitza field.
- Change the name of the field to Device ID or similar.
- Select the Unique checkbox if you want to use this custom field as the sync key.
- Click CREATE.
- Select a sync key, such as the Device ID or Serial Number. The field must have unique values.
- Click UPDATE.
Custom mappings
AC Line Status
Asset Number
Compliance Status
Compromised Status
Device Current Mobile Country Code
Device Friendly Name
Device SIM Mobile Country Code
Enrollment Status
ID
IMEI
Is Supervised
Last Compliance Check On
Last Compromised Check On
Last Enrolled On
Last Seen
Location Group ID
Location Group Name
Mac Address
Model
Model ID
Operating System
Ownership
Phone Number
Platform
Platform ID
Platform Name
Serial Number
UDID
User Email Address
User ID
User Name
Virtual Memory
Did you know?
You can define rules for your integration by selecting Edit integration on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.
You can add new fields to your integration by selecting Add new field on the mapping page. All you need to do is specify the property name. See Creating custom API fields.
Launching the integration
Your integration is in Draft mode until all the required mandatory fields are added. Once you have added all of the required fields, select Launch to activate your integration.
If you selected Cloud as the installation type when creating the integration, refer to Running an extended integration
If you selected Local as the installation type when creating the integration, refer to Running an extended integration locally.
Getting your results
To view the information that is collected about your assets, click Assets. To view the information about software, click the Software tab.
To view the information that is collected about your users, click People. If you selected User plus SaaS User when running the user integration, you can also find a list of users in the Software > SaaS menu
Related Links
Creating a workflow
Prerequisites
Before you create workflows, you should set your subdomain as a global variable:
- Click Configuration > General > Global Settings.
- Click Add new variable (+).
- Add the WorkspaceONEUEM.Subdomain variable and its value. The value is the name of your API Server URL. If your Workspace ONE Server URL is
https://as858.awmdm.com
your subdomain would be:as858
. You do not need to supply theawmdm.com
as it is automatically appended. - Save your changes.
Creating asset workflows with the API block
To create an asset workflow, you must complete these steps:
- Click Configuration > Workflows
- Click Add (+) and select Assets from the list.
- Edit the Begin Block and add rules to trigger the workflow. For example, if you set the Actions to New, the workflow will run for every new asset record added to Oomnitza.
- Drag and drop the API block onto the Sandbox.
- Click Edit on the API block and enter VMWare in the search field.
- Select a preset from the list below. To choose a preset, click the forward arrow (>).
- Activate Device Profile
- Activate Enrollment User
- Activate Internal Application
- Activate Public Application
- Add Console Admin User (Basic)
- Add Console Admin User (Directory)
- Add Enrollment User (Basic)
- Add Enrollment User (Directory)
- Assign Smart Group to Internal Application
- Assign Smart Group to Public Application
- Change Console Admin User Password
- Change Device Passcode
- Clear Passcode on Device
- Deactivate Device Profile
- Deactivate Enrollment User
- Deactivate Internal Application
- Deactivate Public Application
- Delete Console Admin User
- Delete Device
- Delete Internal Application
- Delete Public Application
- Enterprise Wipe a Device
- Get Device Network Info
- Install Device Profile
- Install Internal Application on Device
- Install Public Application on Device
- Install Purchased Application on Device
- Internal Application Save
- Lock Device
- Remove Device Profile
- Remove Smart Group from Internal Application
- Remove Smart Group from Public Application
- Retire Internal Application
- Sync Device
- Uninstall Internal Application from Device
- Uninstall Public Application from Device
- Uninstall Purchased Application from Device
- Unretire Internal Application
- Update Admin User
- Update Internal Application
- Update Removal Logs
- Select your correct Workspace ONE Credentials that you created in Add credentials to the vault in Oomnitza.
- Your Subdomain should be derived from the variable you created previously.
- Enter any mandatory information when prompted.
- Select Advanced Mode.
- Select the Response tab. You can map the entire response by placing
{{response}}
in the Response field and mapping it to a custom long text Oomnitza field. - Connect the Blocks.
- Save, validate, and activate your workflow.
Activate Device Profile
Activates a device profile using the Profile ID.
Activate Enrollment User
Activates the Enrollment User using the User ID.
Activate Internal Application
Enables administrators to activate an internal mobile application in Workspace ONE. If the application is already active, the workflow will proceed down the negative/exit path. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the internal application to be activated.
Activate Public Application
Enables administrators to activate a public mobile application in Workspace ONE. If the application is already active, the workflow will proceed down the negative/exit path. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the public application to be activated.
Add Console Admin User (Basic)
Creates a console admin user of security type basic in the desired organization group.
Add Console Admin User (Directory)
Creates an admin user with directory credentials in the desired organization group.
Add Enrollment User (Basic)
Adds a basic device enrollment user to the desired organization group.
Add Enrollment User (Directory)
Adds a directory device enrollment user to the desired organization group.
Assign Smart Group to Internal Application
Enables administrators to assign a Smart Group to an internal mobile application in Workspace ONE. Devices that belong to the designated Smart Group are automatically provisioned over-the-air with the specified application.
Assign Smart Group to Public Application
Enables administrators to assign a Smart Group to a public mobile application in Workspace ONE. Devices that belong to the designated Smart Group are automatically provisioned over-the-air with the specified application.
Change Console Admin User Password
Changes the password of the console admin user.
Change Device Passcode
Changes the passcode of the device which is used for unlocking it.
Clear Passcode on Device
Clears the passcode of the device.
Deactivate Device Profile
Deactivates a device profile by Profile ID.
Deactivate Enrollment User
Deactivates the enrollment user specified in the User ID.
Deactivate Internal Application
Enables administrators to deactivate an internal mobile application in Workspace ONE. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the internal application to be deactivated.
Deactivate Public Application
Enables administrators to deactivate a public mobile application in Workspace ONE. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the public application to be deactivated.
Delete Console Admin User
Deletes a specified console admin user identified by its user ID of an organization group.
Delete Device
Deletes the device information and un-enrolls the device
Delete Internal Application
Enables administrators to delete an internal mobile application from Workspace ONE. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the internal application to be deleted.
Delete Public Application
Enables administrators to delete a public mobile application from Workspace ONE. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the public application to be deleted.
Enterprise Wipe a Device
Sends an Enterprise Wipe command to the device identified by Device ID.
Get Device Network Info
Retrieves the network information of the device by Device ID.
Install Device Profile
Installs a profile on a device using the Profile ID and Serial Number.
Install Internal Application on Device
Enables administrators to install an internal mobile application on a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be installed.
By default, the Serial Number is used to identify the device. To use a different identifier for the device:
- In the API block window, click the Advanced Mode button located in the upper right of the window.
- Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.
Install Public Application on Device
Enables administrators to install a public mobile application on a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be installed.
By default, the Serial Number is used to identify the device. To use a different identifier for the device:
- In the API block window, click the Advanced Mode button located in the upper right of the window.
- Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.
Install Purchased Application on Device
Enables administrators to install a purchased mobile application on a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be installed.
By default, the Serial Number is used to identify the device. To use a different identifier for the device:
- In the API block window, click the Advanced Mode button located in the upper right of the window.
- Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.
Internal Application Save
Enables administrators to save a new internal mobile application in Workspace ONE. The following details are required when saving the new application:
-
Blob Id. Prior to this API call, you should have obtained a Blob Id as a result of POSTing a binary file to
/api/mam/blobs/uploadblob.
- App Name. The desired application name.
- Developer Email. The email address of the developer.
- App Version. The version of the application.
-
File Name. The name of the binary file (including extension) posted to
/api/mam/blobs/uploadblob.
Lock Device
Sends a Lock Device command to the device identified by Device ID
Remove Device Profile
Removes the profile from the device identified by the Profile ID.
Remove Smart Group from Internal Application
Enables administrators to remove a Smart Group from an internal mobile application in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Smart Group ID must be specified to indicate which items are to be disassociated.
Remove Smart Group from Public Application
Enables administrators to remove a Smart Group from a public mobile application in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Smart Group ID must be specified to indicate which items are to be disassociated.
Retire Internal Application
Enables administrators to retire an internal mobile application within Workspace ONE. If the application is already retired, the workflow will proceed down the negative/exit path. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the internal application to be retired.
Sync Device
Sends a Device Sync command to the device identified by Device ID.
Uninstall Internal Application from Device
Enables administrators to uninstall an internal mobile application from a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be uninstalled.
By default, the Serial Number is used to identify the device. To use a different identifier for the device:
- In the API block window, click the Advanced Mode button located in the upper right of the window.
- Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.
Uninstall Public Application from Device
Enables administrators to uninstall a public mobile application from a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be uninstalled.
By default, the Serial Number is used to identify the device. To use a different identifier for the device:
- In the API block window, click the Advanced Mode button located in the upper right of the window.
- Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.
Uninstall Purchased Application from Device preset
Enables administrators to uninstall a purchased mobile application from a device in Workspace ONE. When constructing a workflow that uses this preset, an Application ID and Serial Number must be specified to indicate the device and application to be uninstalled.
By default, the Serial Number is used to identify the device. To use a different identifier for the device:
- In the API block window, click the Advanced Mode button located in the upper right of the window.
- Select the Body tab. Update the Serial Number to any of the following device identifiers in the request body: Device Id, UDID, Mac Address.
Unretire Internal Application
Enables administrators to unretire an internal mobile application within Workspace ONE. If the application is already unretired, the workflow will proceed down the negative/exit path. When constructing a workflow that uses this preset, an Application ID must be specified to indicate the internal application to be unretired.
Update Admin User
Updates the specified admin user.
Update Internal Application
Enables administrators to update an internal mobile application's details within Workspace ONE. The following details are required when updating the application:
- App ID. The unique internal application identifier to be updated.
- App Rank. The application rank.
- App Name. The desired application name.
- Auto Update Version. Defines if the application can be updated automatically. Boolean/False.
- Build Number. The build version of the file.
- Major Version. The major version of the file.
- Minor Version. The minor version of the file.
- Developer Email. The email address of the developer.
- Developer Phone. The phone number of the developer.
- Enable Provisioning. The provisioning status. Supported value is Boolean/False.
- Patch Type. The type of the uploaded patch.
- Push Mode. The deployment mode for the applications. The values are 'auto' and 'ondemand’.
- Support Email. User defined email address of support.
- Support Phone. User defined phone number of support.
Update Removal Logs
Enables administrators to update the removal logs in Workspace ONE. The following details are required when updating the logs:
- Threshold Id. The identifier for the log record.
-
New Threshold Status. The action taken or to be taken by the administrator on the
held commands. The values can be:- Held for admin approval
- Commands released to devices
- Commands dismissed from the queue.
- Organization Group ID. The unique identifier of the Organization Group.
Related Links
MDM (Mobile Device Management) REST API V1
VMware AirWatch REST API Guide
Reference articles for workflows
Unleash the power of Oomnitza
To get valuable actionable insights that help you manage your assets, learn how to:
- Configure dashboards for your users and software
- Configure custom reports about your users and software
- Create workflows to automate tasks
See Getting started for more information.
Comments
0 comments
Please sign in to leave a comment.