7.4.0

Airwatch/Workspace ONE


Requirements

Supported FortiNAC Engine Version: 8.x and greater

Considerations

  • Versions 9.2.5, 9.4.0 and greater: Airwatch/Workspace One role assignment takes precedence over existing user/host roles in FortiNAC. To configure FortiNAC so that user/host roles take precedence over Airwatch/Workspace One assigned roles, see Airwatch/Workspace One Role Assignment in the Appendix.

  • Only Airwatch Basic Authentication is supported.

Configure the API Key in Airwatch/Workspace One

  1. Log in to Airwatch/Workspace One and navigate to Menu > Configuration > System Configuration > System > Advanced > API > REST API. Make sure Enable API Access is checked. The API Key generated is used later in the FortiNAC MDM Services configuration.

  2. On the REST API screen, click Authentication and make sure Basic is selected.

  3. Determine the URL to which FortiNAC must connect to access the REST API. This URL is used in the FortiNAC MDM Services configuration. If unknown, contact Airwatch/Workspace One for assistance.

  4. Configure a System Administrator user in Airwatch/Workspace One to be used by FortiNAC for authentication when requesting data.

    Note: Airwatch/Workspace One requires a role for each Administrator user. When selecting a role for the Administrator user, make sure that role has permission for REST API.

Set Up and Test Notifications (Recommended)

Airwatch/Workspace One can be configured to send notifications to FortiNAC when devices are deleted or updated in the Airwatch/Workspace One database. If notifications are not configured in Airwatch/Workspace One, this information will be obtained during the next poll of the MDM. See MDM Services for details on MDM Polling.

  1. Navigate to Menu > Configuration > System Configuration > System > Advanced > API > Event Notification.

  2. Click Edit Event Notification to bring up the dialog box.

  3. Enter the following settings into the Event Notification dialog box:

    • Target Name: nsserver

    • Target URL: https://{nsserver}:8443/api/notifications (where {nsserver} is the eth0 IP address or hostname of the FortiNAC server)

    • Note: In High Availability (HA) configurations, Airwatch/Workspace One must be configured to push data to the hostnames or eth0 IP addresses of both Primary and Secondary Control Servers.

    • User Name: nsadminuser

    • Password: nsadminuserpassword

    • Format: Select XML

    • Events: Select all Events

  4. Click Save.

  5. Browse to https://{nsserver}:8443/api/notifications and download the SSL certificate. See Appendix topic Methods to Export FortiNAC SSL Certificate.

  6. Import the SSL certificate into Airwatch/Workspace One.

  7. Click Test Connection. If notifications have been set up correctly, the message "Test is successful" is returned. Proceed to Configure FortiNAC.
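
Before the downloaded certificate is imported into Airwatch/Workspace One, its SHA-256 fingerprint can be compared with one recorded on each FortiNAC server, which in HA means both the Primary and the Secondary. The Python below is an added example, not Fortinet code: the host names and the constructed certificate bytes are assumptions, and port 8443 is taken from the Target URL above.

```python
import hashlib
import ssl

NOTIFY_PORT = 8443  # port of the Target URL given on this page


def fingerprint_sha256(pem: str) -> str:
    """Colon-separated SHA-256 fingerprint of a PEM certificate's DER bytes."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_pem(host: str) -> str:
    """Fetch the certificate the listener presents. No chain validation is
    done here: the certificate is being inspected, not yet trusted."""
    return ssl.get_server_certificate((host, NOTIFY_PORT))


def check_hosts(expected: dict, fetch=fetch_pem) -> dict:
    """expected maps each FortiNAC host to the fingerprint recorded on that
    server itself. Returns host -> 'match', 'MISMATCH' or 'unreachable: ...'."""
    def norm(fp: str) -> str:
        return fp.replace(":", "").strip().lower()

    results = {}
    for host, want in expected.items():
        try:
            got = fingerprint_sha256(fetch(host))
        except (OSError, ValueError) as exc:
            results[host] = f"unreachable: {exc}"
            continue
        results[host] = "match" if norm(got) == norm(want) else "MISMATCH"
    return results


# Constructed stand-ins so the example runs offline; these are not real
# certificates and the host names are hypothetical.
SAMPLE = {
    "fortinac-primary.example": ssl.DER_cert_to_PEM_cert(b"constructed primary cert"),
    "fortinac-secondary.example": ssl.DER_cert_to_PEM_cert(b"constructed secondary cert"),
}

if __name__ == "__main__":
    pinned = {h: fingerprint_sha256(p) for h, p in SAMPLE.items()}
    # Simulate the secondary presenting a different certificate than recorded.
    pinned["fortinac-secondary.example"] = "00:" * 31 + "00"
    for host, verdict in check_hosts(pinned, fetch=SAMPLE.__getitem__).items():
        print(f"https://{host}:{NOTIFY_PORT}/api/notifications -> {verdict}")
```

Against a live deployment, call check_hosts with the real host names and leave fetch at its default; a MISMATCH on either HA node means the certificate should not be imported until the difference is explained.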
