Information Security and Access Control Design for Workspace ONE Access
You manage access to Workspace ONE Access by assigning users and groups to Workspace ONE Access roles.
Identity Management Design
In Workspace ONE Access, you can assign three types of roles to users and groups.
Role | Description | Example Active Directory Group Name |
---|---|---|
Super Admins | A role with the privileges to administer all Workspace ONE Access services and settings. | wsa-admins |
Directory Admins | A role with the privileges to administer Workspace ONE Access users, groups, and directory management. | wsa-directory-admins |
ReadOnly Admins | A role with read-only privileges to Workspace ONE Access. | wsa-read-only |
For more information about Workspace ONE Access roles and their permissions, see the Workspace ONE Access documentation.
As the cloud administrator for Workspace ONE Access, you establish an integration with your enterprise directories which allows you to use your organization's identity source for authentication.
The Workspace ONE Access deployment allows you to control access to supported SDDC components by assigning roles to your organization's enterprise directory groups, such as Active Directory security groups.
Assigning roles to groups is more efficient than assigning roles to individual users. As a cloud administrator, you determine the members that make up your groups and what roles they are assigned. Groups in the connected directories are available for use in Workspace ONE Access. In this design, enterprise groups are used to assign roles in Workspace ONE Access.
Password Management Design
The password management design consists of characteristics and decisions that support configuring user security policies for the Workspace ONE Access instance.
Certificate Management Design
The Workspace ONE Access user interface and API endpoint use an HTTPS connection. To provide secure access to the Workspace ONE Access user interface and API, use a CA-signed certificate.