Today, after a lot of work, I want to share with you a pretty good experience I have had implementing a modern management approach: real cloud-based management and device enrolment, with no on-premises infrastructure, the agility of several cloud solutions, and security aspects covered as well.
In this scenario I have implemented VMware Workspace ONE UEM, Workspace ONE Access (formerly Identity Manager), Okta, Microsoft Azure and Windows 10. In the end, users can enrol their devices into Workspace ONE with their Okta Universal Directory accounts and, for Windows 10, optionally into Azure AD as well, all in one smooth enrolment process. The goal is to let the customer and their users work with one single account across all of their devices and operating systems, through the complete solution stack.
The leading identity provider will be Okta with its Universal Directory, where you can create user accounts manually or import them from a CSV file or another source (Workday, for instance, as an HR tool, has a direct integration). Windows 10 devices will be enrolled via the Out-of-Box Experience (OOBE) with factory provisioning or Microsoft Autopilot, and you additionally have the choice of a workgroup, local Active Directory, Azure AD Premium or Azure AD (without Premium) join.
For a short overview of the architecture and workflow at the end of this implementation, see the picture below.
If you want, you can also add a device trust check on top of the user identity check, so that access is granted only from a device that is known and managed, not to anyone who merely holds valid user credentials.
Because of the complexity I will divide this into a series; it is easier to consume, and you can pick the parts you want. In the individual parts you will find step-by-step instructions to implement it, along with potential issues you may run into and things you should be aware of.
At the end of the whole series I will also share a short video of what user provisioning and device enrolment look like for Microsoft Windows 10 with Azure AD Premium. The video will be added soon.
Here is the content list of the series for quick access:
- Part 1 – Workspace ONE configuration
- Part 2 – Okta integration
- Part 3 – Okta configuration – Workspace ONE user provisioning
- Part 4 – Okta as 3rd party IdP
- Part 5 – SAML authentication Workspace ONE
- Part 6 – User provisioning Workspace ONE UEM
- Part 7 – Workspace ONE as 3rd party IdP
- Part 8 – Integration of Microsoft Azure in Workspace ONE
- Part 9 – Integration of Microsoft Azure and Office 365 in Okta
- Part 10 – Okta applications in Workspace ONE
- Part 11 – Integrate Workspace ONE in Microsoft Azure
- Part 12 – Attribute mapping Okta
- Part 13 – Final result including video