Workspaces Setup Guide

Version 4

    Verified Product Versions

    LANDESK Management Suite 2016.x

    Overview

     

    This document is a guide on setting up Workspaces in LDMS 2016.3 SU3+ and 2017.1. Some pieces will only apply to one version or another, and will be noted as such.

     

    This guide is assuming the reader has basic knowledge of Landesk Management Suite, and the prerequisites to Workspaces listed below have been fulfilled.

     

     

    Prerequisites

     

    • A configured Workspaces database. More information on how to set this up can be found here
    • A user with Landesk Administrator rights to the console

     

    Configuring The Logon Policy

     

    Your main options for logging into Workspaces are below. This document will focus mostly on Identity Server, as it supports the other 2 technologies and is the current design path for the future:

    • Token Only
      • This uses Active Directory to authenticate a user with the domain. As long as the logon succeeds, Workspaces will allow the user to login.
    • Integrated Only
      • This uses Integrated Windows Authentication to use a user's currently logged in context to authenticate.
    • Identity Server
      • This is a new technology with existing functions to replicate both Token and Integrated authentication. It's also compatible with OAuth and may integrate with other OAuth providers in the future.

    While there are also Explicit Only and Shibboleth Only policies, Explicit Only is only used in specific situations, and configuring Shibboleth is beyond the scope of this guide

     

    In Configuration Center, open up your instance. You should have 3 applications - Framework, BridgeIT, and IdentityServer.

     

    Edit your Framework and BridgeIT to use the "Identity Server" logon policy.

     

    Screenshot_136.pngScreenshot_137.png

     

     

     

    Next, decide if you want to allow Integrated Logon. If you do, set "Use Integrated Logon" to True on your BridgeIT application.

     

    Last, edit your Identity Server application.

    • If you chose to allow Integrated Logon, you also need to change the value of "Allow Windows Logins" here.
    • Set your "User Consent Expiration". This is how long a users login will last before a user must re-consent to the login.

     

     

    Configuring Users

     

    Now that you have a logon policy, the next step is to configure your users. Workspaces uses the existing user rights information in Landesk Management Suite to determine rights. Below is a general breakdown of how LDMS roles translate to Workspaces roles. This will be updated as more mappings are verified.

     

    Note that all users in Landesk Management Suite's user management who have logged into the Console will be Analysts, and any users not found in there will be End Users.

     

    The format is LDMS Role > Workspaces role

    • Software Licensing > Asset Manager
    • Security > Security Manager
    • Landesk Administrator > Workspaces Administrator

     

    Additionally, some Workspaces actions require certain rights in LDMS. Some examples are:

    Remote Control - Requires Remote Control rights

    Install Software - Requires Software Distribution rights

     

    Windows Application

     

    The windows application (or "hybrid app") is a web wrapper, and displays the underlying BridgeIT web page. The main difference is that, because the application is a local program, it can read a client's policy XML to determine which software packages should be made available.

     

    A user using the windows application will need a username, password, and the full link to the BridgeIT web page. Just supplying the LDMS core is not enough. The full link is generally in the format:

     

    http://<corename>/My.BridgeIT

     

    The windows application can also be configured to login automatically, as long as Windows Logins are allowed by the Identity Server.

     

     

    Troubleshooting

     

    The documents below are some good troubleshooting resources if you encounter issues.

     

    Logging Into Workspaces Shows No Information

     

     

    Workspaces Login Fails With "Unauthorized"

     

    Self Service/Software Catalog Not Showing In Workspaces

     

    Error: Cannot insert the value NULL into column 'ui_index'

     

     

    Other Useful Documents

     

    How To Build And Publish A Dashboard In Workspaces