Airwatch/Workspace ONE
Requirements
Supported FortiNAC Engine Version: 8.x and greater
Considerations
-
Versions 9.2.5, 9.4.0 and greater: Airwatch/Workspace One role assignment takes precedence over existing user/host roles in FortiNAC. To configure FortiNAC for user/host roles to take precedence over Airwatch/Workspace One assigned roles, see Airwatch/Workspace One Role Assignment in Appendix.
-
Only Airwatch Basic Authentication is supported.
Configure the API Key in Airwatch/Workspace One
-
Login to Airwatch/Workspace One and navigate to Menu > Configuration > System Configuration > System >Advanced >API >REST API. Enable API Access should be checked. The API Key generated is used later in the FortiNAC MDM Services configuration.
-
On the REST API screen, click Authentication and make sure Basic is selected.
-
Determine the URL to which FortiNAC must connect to access the REST API. This URL is used in the FortiNAC MDM Services configuration. If unknown, contact Airwatch/Workspace One for assistance.
-
Configure a System Administrator user in Airwatch/Workspace One to be used by FortiNAC for authentication when requesting data.
Note: Airwatch/Workspace One requires a role for each Administrator user. When selecting a role for the Administrator user, make sure that role has permission for REST API.
Set Up and Test Notifications (Recommended)
Airwatch/Workspace One can be configured to send notifications to FortiNAC when devices are deleted or updated in the Airwatch/Workspace One database. If notifications are not configured in Airwatch/Workspace One, this information will be obtained during the next poll of the MDM. See MDM Services for details on MDM Polling.
-
Navigate to Menu > Configuration > System Configuration > System >Advanced >API >Event Notification.
-
Click Edit Event Notification to bring up the dialog box.
-
Enter the following settings into the Event Notification dialog box:
-
Target Name: nsserver
-
Target URL:
https://{nsserver}:8443/api/notifications
(where {nsserver} is the eth0 IP address or hostname of the FortiNAC server) -
Note: In High Availability (HA) configurations, Airwatch/Workspace One must be configured to push data to the hostnames or eth0 IP addresses of both Primary and Secondary Control Servers
-
User Name:
nsadminuser
-
Password:
nsadminuserpassword
-
Format: Select XML
-
Events: Select all Events
-
Click Save.
-
Browse to
https://{nsserver}:8443/api/notifications
and download the SSL certificate. See Appendix topic Methods to Export FortiNAC SSL Certificate. -
Import the SSL certificate into Airwatch/Workspace One.
-
Click Test Connection. If notifications have been set up correctly, the message Test is successful is returned. Proceed to Configure FortiNAC.