Workspaces Login Fails With "Unauthorized"

Version 6

    Verified Product Versions

    Endpoint Manager 2016.xEndpoint Manager 2017.x



    Logging into Workspaces returns: Unauthorized



    Causes and Resolutions


    There are several reasons you might be unauthorized to access Workspaces. This is not an exhaustive list, just a collection of some common causes.


    1. Incorrect logon policy
      1. Check your BridgeIT application in Configuration Center and ensure Token Only or Identity Server is selected for the "Logon policy" if using a domain login
    2. Web Filter/Proxy
      1. To help test for this, try to access the following URL in your browser on the Core: https://localhost/STS/issueToken
      2. You should get a download and/or see a bunch of text displayed if the connection succeeds.
    3. Incorrect permissions on the STS, Framework or BridgeIT websites
      1. STS: Anonymous Authentication - Enabled. Windows Authentication: Enabled
      2. BrideIT and Framework - Anonymous Authentication: Enabled
      3. All other auth types should be set to disabled for those sites.
    4. AD Account locked
      1. Self Explanatory. See if your account has been locked.
    5. Framework wasn't upgraded after BridgeIT upgrade (BridgeIT is upgraded when you update/upgrade your core)
      1. Open Configuration Center and click "Edit" on the Framework application
      2. Note what the current Logon Policy is, then set the Logon Policy to "Explicit Only"
      3. Click "Upgrade" next to the Framework
      4. After the upgrade completes, edit Framework and change the Logon Policy back to the previous setting
    6. BridgeIT is using a Framework created by a ServiceDesk application server (specified in the LDSD Web API Url), and the Service Desk server is unlicensed or licensed for the wrong version.
    7. URL entered in the Xtraction API URL without the proper configuration:
      1. Xtraction integration requires a specific configuration using Identity Server. Follow the steps in this document if you would like to configure Xtraction workspaces integration:
      2. If you added the Xtraction Web API URL on any of the bridgeIT applications, remove it and save the changes.



    If you're still seeing Unauthorized after doing these steps, you may need to contact Ivanti Support for further assistance