Guides
ProductDeveloperPartnerPersonal

VMware Workspace ONE

By downloading an XML file from Umbrella, optionally updating it, and then pasting part of its contents into your Workspace ONE system, Workspace ONE is able to push configuration information to both the Cisco Secure Client and Umbrella so that your Android device is registered with Umbrella. The result is that your Android device is protected by Umbrella.

For information about configuring Workspace ONE, see Workspace ONE’s documentation.

👍

Workspace ONE Details

For more information about using the Cisco Umbrella AnyConnect module with the Workspace ONE Mobile Device Manager, refer to Workspace ONE documentation, available online at VMWare's docs website.

Table of Contents


##Prerequisites

  • An Android Enterprise compatible device deployment. The legacy Device Admin (DA) system is not supported at this time
  • Android mobile devices running Android OS version 6.0.1 and above. Devices examples are Samsung, Google, and Motorola. FireOS devices and other Android forks are not supported.
  • An MDM for deploying the software; in this case, Workspace ONE.
  • Access to an Umbrella subscription including mobile device coverage.
  • A network meeting access requirements.
    • Access over UDP 53 and UDP 443 to 208.67.222.222 from the device.
  • For on-network scenarios, Trusted Network Detection (TND) may also be used to disable the client on network and pass traffic to a Virtual Appliance. The following prerequisites apply:
    • All VAs in use are defined by FQDN (IPs entered will not allow the client to go into trusted network mode) in the umbrella_va_fqdns configuration property.
      • The format for this field is comma separated, for example, (va1.domain.com, va2.domain.com)
    • VAs must be registered to the same Umbrella organization as the Android devices.
    • HTTPS mode for user events enabled on the Virtual Appliance.
      • If the VA’s FQDN is not publicly signed, the self-signed root certificate for the VA domain used for HTTPS mode on the VA must also be pushed to the Android device to sign the connection.
      • VA certificates should contain Subject Alternate Name (SAN) matching the VA’s configured domain to successfully communicate with the VA over HTTPS mode.
      • For more information on how to configure HTTPS mode on the VA, see Umbrella Virtual Appliance: Receiving User-IP mappings Over a Secure Channel.

Register in WorkspaceONE

The first step in managing Android devices is to register WorkspaceOne as your Enterprise Mobility Manager (EMM) with Google.

  1. In Workspace ONE, navigate to Settings > Devices and Users > Android > Android EMM Registration.
1600
  1. Click Register with Google, then complete the registration. When the registration is complete, the following page appears.
1600

If the EMM has previously been registered with Google, the following page appears instead.

1600

Push the App to Devices

  1. In the Workspace One Universal Endpoint Manager (UEM), navigate to Apps & Books > Applications > Native > Public > Add Application.
  2. Search for AnyConnect or the bundle id com.cisco.anyconnect.vpn.android.avf in the Play store, then select and approve it.
1600
  1. When the app is approved, select it, and click Save & Assign.
1600
  1. Select Assignment groups and App Delivery Method.
  2. Click Configure.
977
  1. Add values from the Android config file for Umbrella Organization ID and Registration Token.
899
  1. Click Save.
  2. Select the assignment you just created and click Save And Publish.
899
  1. Click Publish. This pushes the app to the selected devices.

Push User Identities

When user identities are pushed to Umbrella, you can identify and search users and devices. For more information, see Manage Identities.

Push the Umbrella Certificate

For more information, see Push the Umbrella Certificate to Devices.

Manage Pop-Ups and App Controls

For information about configuring the client's deployment options, see Manage Pop-Ups and App Controls.


MobileIron MDM < VMware Workspace ONE > Microsoft Intune MDM