Device posture with Workspace ONE requires the Workspace ONE agent and the Cloudflare WARP client to be deployed on your devices. For this integration to function, our service-to-service posture check relies on the serial_number being the same in both clients. Follow the instructions below to set up the posture check.
1. Obtain Workspace ONE Settings
The following Workspace ONE values are needed to set up the Workspace ONE posture check:
- Client Secret
- REST API URL
- Region-Specific token URL
To retrieve those values:
- Log in to your Workspace ONE dashboard.
- Navigate to Groups & Settings > Configurations.
OAuthin the search bar labeled Enter a name or category.
- Select OAuth Client Management in the results. The OAuth Client Management screen displays.
- Select Add.
- Enter values for the Name, Description, Organization Group, and Role.
- Ensure that the Status is Enabled.
- Select Save.
- Copy the Client ID and Client Secret to a safe place.
- To obtain your REST API URL, gp tp Groups & Settings > All Settings > System > Advance > Site URLs > REST API URL.
- Retrieve the Region-Specific Token URL from Workspace ONE and copy it to a safe place.
2. Add Workspace ONE as a service provider
- Go to Settings > Devices > Device posture providers and click Add new.
- Select Workspace ONE.
- Give your provider a name. This name will be used throughout the dashboard to reference this connection.
- Enter the Client ID and Client secret you noted down above.
- Select a Polling frequency for how often Cloudflare Zero Trust should query Workspace ONE for information.
- Enter the Region-specific token URL and REST API URL you noted down above.
- Select Save.
To ensure the values have been entered correctly, select Test.
3. Configure the posture check
Select Add new.
Select the Workspace ONE provider.
Configure the Compliance status check.