Unlocking the Power of AD Authentication with vIDM API

Automating VMware Workspace ONE Access with Active Directory Authentication

In this blog post, we will explore how to automate VMware Workspace ONE Access using Active Directory authentication. We will use Thunder Client, a free extension for Visual Studio Code, to test the API calls and demonstrate how to set up an OAuth client application in VIDM using local System domain credentials.

Step 1: Get a VIDM Session Token

To start, we need to get a session token from VIDM. We can do this by sending a GET request to the following API path:

```
https://<vidm-fqdn>/api/session
```

We will use the username and password of a System domain VIDM account; for simplicity, we can use the configadmin credential. The request should have the following headers:

* Accept: application/json

* Content-Type: application/json

The body of the request should be empty. The response will contain the session token, which we will use to create the OAuth client application.

Step 2: Create the OAuth Client

Now that we have the session token, we can create the OAuth client application. We will send a POST request to the following API path:

```
https://<vidm-fqdn>/api/oidc/clients
```

The headers for this request should include:

* Accept: application/json

* Content-Type: application/json

The body of the request should be in JSON format and contain the following fields:

* client_id: A unique identifier for the OAuth client (optional)

* client_secret: A secret key used to authenticate the OAuth client (optional)

* name: The display name of the OAuth client

* description: A brief description of the OAuth client

After submitting the request, we will get a ‘201 Created’ response, which contains the information entered and the API path to the new OAuth client.

Step 3: Get the VIDM Access Token

Now that we have created the OAuth client, we can use it to get an access token to make regular API calls. We will send a POST request to the following API path:

```
https://<vidm-fqdn>/api/oidc/token
```

The headers for this request should include:

* Accept: application/json

* Content-Type: application/x-www-form-urlencoded

The body of the request should be in URL-encoded format and contain the following fields:

* grant_type: The type of grant (in this case, client credentials)

* client_id: The ID of the OAuth client created in step 2

* client_secret: The secret key of the OAuth client created in step 2

* username: The Active Directory username to use for authentication

* password: The Active Directory password for the specified username

The response will contain the access token, which we can use to authenticate our API calls.

Step 4: Get AD Users

Now that we have the access token, we can make regular API calls to retrieve data from VIDM. For example, we can get all the users in VIDM by sending a GET request to the following API path:

```
https://<vidm-fqdn>/api/user
```

The headers for this request should include:

* Accept: application/json

* Content-Type: application/json

The body of the request should be empty. The response will contain an array of users, each with their own set of attributes.
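Of the four calls, the Step 3 token request is the one that carries both the client secret and the AD password, so it is worth building in code rather than by hand. The sketch below is an added example, not part of the original walkthrough or of VMware's tooling: it builds that request with the path, headers and fields listed in Step 3, encodes the body safely, and produces a log-safe copy. The host argument, the `VIDM_*` environment variable names and the `client_credentials` spelling of the grant type are assumptions.

```python
import os
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/oidc/token"  # path as given in Step 3
SECRET_FIELDS = {"client_secret", "password"}


def build_token_request(host, client_id, client_secret, username, password,
                        grant_type="client_credentials"):
    """Build (without sending) the Step 3 POST with a form-encoded body."""
    fields = {
        "grant_type": grant_type,  # assumed wire spelling of "client credentials"
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
    }
    # urlencode escapes '&', '=', '+', '%' and spaces; a body joined by hand
    # would silently truncate or alter a password containing them.
    body = urllib.parse.urlencode(fields).encode("ascii")
    headers = {"Accept": "application/json",
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(f"https://{host}{TOKEN_PATH}", data=body,
                                  headers=headers, method="POST")


def redacted_body(request):
    """Return the request body with secret values masked, safe to log."""
    pairs = urllib.parse.parse_qsl(request.data.decode("ascii"),
                                   keep_blank_values=True)
    masked = [(k, "***" if k in SECRET_FIELDS else v) for k, v in pairs]
    return urllib.parse.urlencode(masked, safe="*")


def request_from_env(host, env=os.environ):
    """Take credentials from the environment, not from the script source."""
    # The VIDM_* variable names are assumptions made for this example.
    return build_token_request(host, env["VIDM_CLIENT_ID"],
                               env["VIDM_CLIENT_SECRET"],
                               env["VIDM_AD_USER"], env["VIDM_AD_PASSWORD"])
```

Pass the returned object to `urllib.request.urlopen` to send it, and log only `redacted_body(request)`, never the raw body.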

Conclusion

In this blog post, we have demonstrated how to automate VMware Workspace ONE Access using Active Directory authentication. We have shown how to set up an OAuth client application in VIDM using local System domain credentials and how to use the access token to make regular API calls. This can be useful for enterprise solutions that require secure service accounts for automation processes.

Hopefully, this blog post has been helpful to some of you who are looking to perform some VIDM API operations to support your automation solution. Until next time… keep it real, don’t get lazy with AI, my friends!