Configuring the Harmony Mobile Dashboard UEM Integration Settings

This section includes all necessary configuration steps for Harmony Mobile Dashboard that will enable the integration with Workspace ONE UEM Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point..

Note - For easy reference during configuration, you can record your settings in the special table (see Integration Information).

Prerequisites

You need these details from your Workspace ONE UEM Deployment:

Server: The URL of your Workspace ONE UEM System. Usually - the same as the Workspace ONE UEM Console URL.
User name and Password: Credentials of API Account. See Creating API Account for Integration with the Harmony Mobile

The credentials that the Harmony Mobile Dashboard uses to connect to Workspace ONE UEM.

API Key: use the API Key for the REST API Service. The key is located within your Workspace ONE UEM Console interface. See Creating REST API Key
Group(s): The Workspace ONE UEM Organization groups or smart groups (Assignment Groups) to which the devices are registered and then integrated with the Harmony Mobile Dashboard. You can integrate Multiple Groups. Selecting a parent group will not integrate devices from subsequent child groups

If a Parent Organization Group is integrated with a Harmony Mobile Dashboard, then any child Organization Group of that Parent cannot be integrated with a different Harmony Mobile Dashboard.

Note - Before you start the first time integration, delete any existing devices in the Harmony Mobile Dashboard.

Configuring UEM Integration Settings

Procedure:

Access your Harmony Mobile Dashboard via the Infinity Portal. Go to Settings > Integrations

Click "+" and then UEMs to create a new integration setting.

In the Integration Wizard, select Workspace ONE UEM.

Configure the settings for Workspace ONE UEM Integration.

Server Details
1. (Recommended) To use Oauth authentication, enter this information:
  - Display Name - Workspace ONE Default
  - Server Address - The full URL needed for the UEM service.
  - Select the Use OAuth2 authentication method checkbox.
  - Client ID - Credentials of client ID.
  - Client Secret - Credentials of client password.
    
    To get the Client ID and Client Secret, see Create an OAuth Client to Use for API Commands (SaaS) in the VMware Workspace ONE UEM documentation.
2. To use basic authentication, enter this information:
  - Display Name - Workspace ONE Default
  - Server Address - The full URL needed for the UEM service.
  - Username - Credentials of API Account.
  - Password - Credentials of API Account.
  - API Key - Use the API Key for the REST API Service.
3. If the UEM server uses a self-signed certificate for external communication, select the Server uses self-signed certificate checkbox to upload the certificate directly (use CER file format base64 [PEM] encoded) or just paste the certificate text directly in the box.
4. Using Connector (Optional)
  
  You can configure Harmony Mobile Connector when the UEM is on-premises and has no direct access from the Harmony Mobile cloud. For more information, see Harmony Mobile Connector Installation Guide.
5. Click Verify and then Next.

Synchronization

Configure the groups of devices that will synchronize with Harmony Mobile Dashboard. The dropdown list will automatically populate all the Organization Groups and Smart Groups the API user from previous step has access to.

Select the group(s) you need to integrate with.

In the Android Enterprise Groups field:

Select the groups for two deployed applications as part of the Workspace ONE UEM Android Enterprise deployment. See Using Android Enterprise with Harmony Mobile.

Note - the list will populate only groups selected from previous step of synchronized groups.

Please make sure you select a group that include Android devices that are configured to have both personal and work profiles (iOS devices can be included in this group as well).

In the Advanced section:

Import Personally Identifiable Information (PII) and set the synchronization intervals.

You can limit the import of the PII devices (users) to Harmony Mobile. By default it is set to ON.

Note - If all entries are OFF, the placeholder information set for the email address is placed in the Device Owner's Email, in form of "UEMDevice UDID@vendor.UEM".

Synchronization intervals attributes:

Setting	Description	Values
Device sync interval	Interval to connect with UEM to sync devices.	10-1440 minutes, in 10 minute intervals.
Device deletion threshold	Percentage of devices allowed for deletion after UEM device sync (in %).	0-100% ; use 100% for no threshold *
Device deletion after	Delay device deletion after several sync attempts - device is deleted after this amount of sync tries that confirmed deletion	1-100 sync tries.
App sync interval	Interval to connect with UEM to sync applications.	10-1440 minutes, in 10 minute intervals.

* 100% value is recommended for evaluation/test usage - when you are adding a small amount of devices

Click Verify then Next.

Tagging

Specify whether to send tag information to Workspace ONE UEM in order to communicate the deployment status of Harmony Mobile Protect app and the risk level of the device.
1. Set all to ON (recommended) if you want to communicate the following characteristics of the device to the UEM:
  
  Tag device status - the device status in Harmony Mobile
  
  Tag device risk - the device risk level in Harmony Mobile
  
  Tag device TF - the corresponding threat factors detected on the device by Harmony Mobile
2. Click Verify and Next

Deployment

Check the "Allow auto device addition prior to device sync" option in case you require a faster device enrollment. Without this option checked, the device will not be able to connect to the Harmony Mobile Dashboard not until a complete sync step has created the device in the dashboard. This option generates a unique dashboard token to be used in the UEM configuration that will tell the device which dashboard it needs to register to.

Note - The token is the hashed unique identifier of your dashboard. We will use it in a later step, when we will configure application configurations. Use the "copy to clipboard" button to set the Token value later.

In the Advanced section:

This section is relevant if you use Harmony Mobile to manage the deployment and not the UEM:
1. Enable options to have Harmony Mobile Dashboard send email and/or SMS notification to the new users with instructions to download and install the Harmony Mobile Protect app. Usually when the UEM is configured it will notify the end user itself to install the app so this option is disabled by default.
2. Click Finish.
  
  After you complete the necessary steps, the Integrations pane shows the detailed status of all UEM settings integrated with the Harmony Mobile dashboard.
3. View the Integration Status: In Settings > Integration menu.
  
  Select the integration you want to shows the information for and click the "i" icon on the top right:
  
  The details that you see are:
  - UEM Server - The latest server configuration status.
  - Device Sync Status - The synchronized groups and the device sync status time stamp.
  - App Sync Status - The last time applications were fetched from the UEM (Applicable for iOS deployment only).
  - Tagging- Tagging Configuration and Tagging Status.
  - Deployment - Deployment Configuration and Deployment Status.
4. The 3 dots on the top of the integration settings will allow you to select extra functions:
  
  Click Edit to edit the settings if needed.
  
  Click Sync Now to force an immediate device sync call and not wait to the next auto sync cycle.
  
  Click Pause / Resume to temporarily stop or resume the device sync process.
  
  Click Remove to remove the integration settings altogether.