Workspaces Setup Guide

Version 4

    Verified Product Versions

    Endpoint Manager 2016.xEndpoint Manager 2017.x



    This document is a guide on setting up Workspaces in LDMS 2016.3 SU3+ and 2017.1. Some pieces will only apply to one version or another, and will be noted as such.


    This guide is assuming the reader has basic knowledge of Landesk Management Suite, and the prerequisites to Workspaces listed below have been fulfilled.





    • A configured Workspaces database. More information on how to set this up can be found here
    • A user with Landesk Administrator rights to the console


    Configuring The Logon Policy


    Your main options for logging into Workspaces are below. This document will focus mostly on Identity Server, as it supports the other 2 technologies and is the current design path for the future:

    • Token Only
      • This uses Active Directory to authenticate a user with the domain. As long as the logon succeeds, Workspaces will allow the user to login.
    • Integrated Only
      • This uses Integrated Windows Authentication to use a user's currently logged in context to authenticate.
    • Identity Server
      • This is a new technology with existing functions to replicate both Token and Integrated authentication. It's also compatible with OAuth and may integrate with other OAuth providers in the future.

    While there are also Explicit Only and Shibboleth Only policies, Explicit Only is only used in specific situations, and configuring Shibboleth is beyond the scope of this guide


    In Configuration Center, open up your instance. You should have 3 applications - Framework, BridgeIT, and IdentityServer.


    Edit your Framework and BridgeIT to use the "Identity Server" logon policy.






    Next, decide if you want to allow Integrated Logon. If you do, set "Use Integrated Logon" to True on your BridgeIT application.


    Last, edit your Identity Server application.

    • If you chose to allow Integrated Logon, you also need to change the value of "Allow Windows Logins" here.
    • Set your "User Consent Expiration". This is how long a users login will last before a user must re-consent to the login.



    Configuring Users


    Now that you have a logon policy, the next step is to configure your users. Workspaces uses the existing user rights information in Landesk Management Suite to determine rights. Below is a general breakdown of how LDMS roles translate to Workspaces roles. This will be updated as more mappings are verified.


    Note that all users in Landesk Management Suite's user management who have logged into the Console will be Analysts, and any users not found in there will be End Users.


    The format is LDMS Role > Workspaces role

    • Software Licensing > Asset Manager
    • Security > Security Manager
    • Landesk Administrator > Workspaces Administrator


    Additionally, some Workspaces actions require certain rights in LDMS. Some examples are:

    Remote Control - Requires Remote Control rights

    Install Software - Requires Software Distribution rights


    Windows Application


    The windows application (or "hybrid app") is a web wrapper, and displays the underlying BridgeIT web page. The main difference is that, because the application is a local program, it can read a client's policy XML to determine which software packages should be made available.


    A user using the windows application will need a username, password, and the full link to the BridgeIT web page. Just supplying the LDMS core is not enough. The full link is generally in the format:




    The windows application can also be configured to login automatically, as long as Windows Logins are allowed by the Identity Server.





    The documents below are some good troubleshooting resources if you encounter issues.


    Logging Into Workspaces Shows No Information



    Workspaces Login Fails With "Unauthorized"


    Self Service/Software Catalog Not Showing In Workspaces


    Error: Cannot insert the value NULL into column 'ui_index'



    Other Useful Documents


    How To Build And Publish A Dashboard In Workspaces