
How to Set Up Authentication for NSX-T with VMware Workspace One Access

I recently rebuilt my lab environment. This post goes over the process I used to connect NSX-T 4.0.1.1 to VMware Workspace One Access (WOA, formerly VMware Identity Manager/vIDM).

Prereqs

You will need to have NSX-T 4.0.1.1 and VMware Workspace One Access (VMware Identity Manager) already deployed. I would also recommend that you already have the proper SSL web certificates installed on both systems so you don't have to redo the connection a second time. (Did you see my other post about installing certs on NSX-T?)

VMware Workspace One Access should also already be set up with Active Directory access.

You will need an SSH client like PuTTY to SSH into the NSX Manager and run a command to grab the WOA/vIDM SHA256 thumbprint.


Step 1

Log in to the web interface of Workspace One Access with the admin account: https://<WOAFQDN>/SAAS/auth/login/userstore


Step 2

Click on Catalog > Settings > Remote Access.

Step 3

Click on the green Create Client button.

Step 4

Set Access Type to Service Client Token.

Client ID: NSX-T_O-AuthClient (or something that makes it easy to understand). Copy this for later use and save it securely.

Expand Advanced and click Generate Shared Secret. Copy this for later use and save it securely.

(Optional) Change the Access Token TTL to 9 hours and the Idle Token TTL to 7 days.


Step 5

SSH into the NSX Manager using the root account and password.

Step 6

Run the command below to get the SHA256 thumbprint of the certificate presented by your instance of WOA/vIDM (replace the HOST value with your own WOA/vIDM FQDN):

HOST=hamvidm01.hamker.local
PORT=443
openssl s_client -servername $HOST -connect $HOST:$PORT </dev/null 2>/dev/null | openssl x509 -noout -sha256 -fingerprint
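The thumbprint NSX-T asks for is nothing more than the SHA-256 hash of the DER-encoded certificate WOA/vIDM presents, so it is worth knowing how to verify it independently and how to detect when it changes (for example after a certificate renewal, which silently breaks the integration). The script below is an added example and is not part of the original post: it wraps the same openssl command, computes the fingerprint a second way with base64 and sha256sum as a cross-check, and compares the result against a thumbprint you recorded earlier. The hostname woa.example.test and the expected-thumbprint argument are placeholders; the script assumes GNU coreutils (base64 -d, sha256sum) and openssl on the NSX Manager or wherever you run it.

```shell
#!/bin/sh
# Added example (not from the original post): retrieve, cross-check and pin the
# SHA-256 thumbprint of the certificate served by a WOA/vIDM host.

# Fetch the leaf certificate presented by HOST:PORT as PEM (same openssl
# command as the post, minus the fingerprint step so we can reuse the cert).
fetch_cert() {
  host="$1"; port="${2:-443}"
  openssl s_client -servername "$host" -connect "$host:$port" </dev/null 2>/dev/null \
    | openssl x509
}

# Fingerprint via openssl, normalized to bare colon-separated uppercase hex
# (drops the "sha256 Fingerprint=" / "SHA256 Fingerprint=" prefix that varies by version).
fingerprint_openssl() {
  openssl x509 -in "$1" -noout -sha256 -fingerprint | sed 's/^.*=//'
}

# Independent computation: PEM body -> base64-decode to DER -> SHA-256,
# formatted the same way so the two methods can be compared directly.
fingerprint_manual() {
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
    | sed '/-----/d' | tr -d '\n' | base64 -d | sha256sum | cut -d' ' -f1 \
    | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Strip separators and case so a thumbprint copied from the NSX UI, from
# openssl, or from a browser all compare equal.
normalize() { printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'; }

# Returns 0 when the two thumbprints denote the same value, 1 otherwise.
thumbprint_matches() {
  [ "$(normalize "$1")" = "$(normalize "$2")" ]
}

# Usage (live lookup): sh thumbprint.sh woa.example.test 443 [EXPECTED_THUMBPRINT]
# With a third argument the exit status tells you whether the pinned value still holds.
if [ -n "${1:-}" ]; then
  tmp="$(mktemp)"
  fetch_cert "$1" "${2:-443}" > "$tmp"
  fp_openssl="$(fingerprint_openssl "$tmp")"
  fp_manual="$(fingerprint_manual "$tmp")"
  rm -f "$tmp"
  echo "openssl : $fp_openssl"
  echo "manual  : $fp_manual"
  if [ -n "${3:-}" ]; then
    if thumbprint_matches "$fp_openssl" "$3"; then
      echo "MATCH: certificate thumbprint unchanged"
    else
      echo "MISMATCH: certificate changed, update the thumbprint in NSX-T" >&2
      exit 1
    fi
  fi
fi
```

Recording the thumbprint and re-running the check after every WOA/vIDM certificate change gives you an early warning before users notice that vIDM logins to NSX-T have stopped working.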


Step 7

Log in to NSX-T with the admin account.


Step 8

Click on System > User Management > Authentication Providers > VMware Identity Manager > Edit.


Step 9

(Optional, only if an external load balancer sits in front of vIDM) Enable External Load Balancer Integration.

Enable VMware Identity Manager Integration.

Input the WOA/vIDM FQDN.

Input the OAuth Client ID from Step 4.

Input the OAuth Client Secret (the shared secret generated in Step 4).

Input the SSL Thumbprint from Step 6.

Input the NSX Appliance FQDN.

Click on Save.


Step 10

Validate that the WOA/vIDM connection status shows Up and the integration shows Enabled.

Step 11

Click on User Role Assignment > Add Role For Providers > VIDM.


Step 12

Type in the name of a vIDM user (at least 3 letters are required before the search returns results), select the name, and then select the role. Click Save.


Step 13

Logging in with local vs. vIDM credentials

For local credentials, use a link like: https://<NSX-FQDN>/login.jsp?idp=local

For vIDM credentials, use a link like: https://<NSX-FQDN>/login.jsp#/
