Configuring Workspace ONE UEM for PingID
To manage the PingID app using Workspace ONE UEM (formerly known as AirWatch), you must apply several configuration settings.
The initial Workspace ONE UEM configuration comprises the following:
Ongoing maintenance
As part of MDM maintenance activities, new tokens for the PingID app can be generated and old tokens revoked. For more information, see the following topics:
- In PingID:
- In Workspace ONE UEM:
The previous configuration steps are for use cases where PingID MFA authenticating devices are managed by the Workspace ONE UEM MDM. In cases where PingFederate is used to apply policies on accessing devices managed by Workspace ONE UEM, see Workspace ONE UEM Integration Kit.
Installing an APNs certificate for iOS in Workspace ONE UEM
Install an Apple Push Notification service (APNs) certificate in Workspace ONE UEM.
About this task
To support iOS devices, an Apple mobile device management (MDM) certificate must be installed in the organization’s MDM.
Steps
- In the Workspace ONE UEM admin console, download an APNs certificate signing request (CSR).
  - Go to Settings → Apple → APNs for MDM.
  - Click Generate New Certificate.
  - Click MDM_APNsRequest.plist.
  - Click Go To Apple.
- Sign on to the Apple Push Certificates Portal.
- Click Create a Certificate on either the Get Started window or the Certificates for Third-party Servers window.
  If your organization does not yet have any Apple Push Certificates, the Get Started section is displayed. Otherwise, the Certificates list view window is displayed.
- To browse for the CSR file created earlier, click Choose File, and then click Upload.
- Click Download.
- Upload the APNs certificate in Workspace ONE UEM.
  - Go to Devices & Users → Apple → APNs for MDM.
  - Click Save.
Configuring Android for Work for Workspace ONE UEM
Configure Android for Work for the organization’s mobile device management (MDM) so the PingID app configuration can be pushed to Android devices.
About this task
This is an example configuration of Android for Work with G Suite. Android for Work can also be configured for MDM without G Suite.
Steps
- In Workspace ONE UEM, go to Settings → Devices & Users → Android → Android For Work.
- Click Click here.
  The browser redirects to G Suite, and on completion of the configuration, returns to Workspace ONE UEM.
- In Workspace ONE UEM, in the Android For Work window, click Configure, and fill in the required details.
Configuring Workspace ONE UEM for PingID MDM integration
Configure PingID as a mobile device management (MDM) managed app in Workspace ONE UEM (formerly known as AirWatch).
About this task
The procedure detailed here is the iOS example for the configuration of Workspace ONE UEM for PingID MDM integration. The procedure for Android is identical. If the organization’s MDM manages both iOS and Android devices, configure and save the entire procedure separately for each platform.
Steps
- In the Workspace ONE UEM admin console, go to Apps & Books → Applications → List View.
- On the Public tab, click Add application.
- From the Platform list, select Apple iOS.
- In the Source field, click Search App Store.
- In the Name field, enter PingID.
- Click Next.
- In the mobile app store, for the PingID mobile app, click Select.
  Result: The PingID mobile app’s details are displayed in the Details tab.
- Click the Assignment tab.
- Go to the Policies section.
- In the Send Application Configuration field, click Enabled.
  Result: The Application Configuration section displays.
- In the Application Configuration section, enter the following parameter values.
  | Parameter | Value |
  | --- | --- |
  | Configuration Key | PINGID_MDM_TOKEN. For iOS, the value PINGID_MDM_TOKEN must be entered manually. For Android, the value PINGID_MDM_TOKEN is prepopulated. |
  | Value Type | STRING |
  | Configuration value | The token string value for MDM, as generated in the PingID admin web configuration page. |
- In the Make app MDM Managed If User Installed field, click Enabled.
  This option transitions a non-managed app downloaded from the app store to a managed app. The user must approve it on their device.
  - For Apple devices earlier than iOS 9 and Android devices:
    Users must execute the following steps:
    - Unpair the PingID mobile app on the iOS device.
    - Uninstall the PingID mobile app from the iOS device.
    - Reinstall the PingID mobile app, from the MDM’s app catalog.
    - Pair the newly installed, MDM managed PingID mobile app.
  - For Apple devices with iOS 9 and later:
    The user receives a notification on their device to approve the transition to MDM management. After user approval, the PingID mobile app installed on the iOS device is managed by the MDM.
- Click Save & Publish.
Repeat the entire configuration process for Android. The prerequisite to the Android app configuration is Configuring Android for Work for Workspace ONE UEM.
Updating a PingID token in Workspace ONE UEM
Update the token for the PingID managed app in Workspace ONE UEM for iOS.
About this task
You must configure and save the entire procedure separately for each platform.
Steps
- In the Workspace ONE UEM admin console, go to Apps & Books → Applications → List View.
- On the Public tab, select the PingID iOS app to edit, and then click the Pencil icon.
- Click the Assignment tab.
- Go to the Policies section.
- In the Application Configuration section, enter the following parameter values.
  | Parameter | Value |
  | --- | --- |
  | Configuration Key | PINGID_MDM_TOKEN. For iOS, the value PINGID_MDM_TOKEN must be entered manually. For Android, the value PINGID_MDM_TOKEN is prepopulated. |
  | Value Type | STRING |
  | Configuration value | The token string value for MDM, as generated in the PingID admin web configuration page. |
- Click Save & Publish.
Repeat the entire process for Android.