Device posture with Workspace ONE requires the Workspace ONE agent and the Cloudflare WARP client to be deployed on your devices. For this integration to function, our service-to-service posture check relies on the serial_number being the same in both clients. Follow the instructions below to set up the posture check.
Obtain Workspace ONE Settings
The following Workspace ONE values are needed to set up the Workspace ONE posture check:
- Client Secret
- Region-Specific token URL
- REST API URL
To retrieve those values:
- Log in to your Workspace ONE dashboard.
- Navigate to Groups & Settings > Configurations.
OAuthin the search bar labeled Enter a name or category.
- Select OAuth Client Management in the results. The OAuth Client Management screen displays.
- Click Add.
- Enter values for the Name, Description, Organization Group, and Role.
- Ensure that the Status is Enabled.
- Click Save.
- Copy the Client ID and Client Secret to a safe place.
- Retrieve the correct Region-Specific Token URL from the . Copy the Region-specific token URL to a safe place.
- Obtain your REST API URL by going to the WS1 dashboard and navigating to Groups & Settings > All Settings > System > Advance > Site URLs > REST API URL.
Configure the provider on the Zero Trust Dashboard
- Go to Settings > Devices > Device posture providers and click Add new.
- Select Workspace ONE.
- Give your provider a name. This name will be used throughout the dashboard to reference this connection.
- Enter the Client ID and Client Secret you noted down above.
- Select a polling frequency for how often Cloudflare Zero Trust should query Workspace ONE for information.
- Enter the Region-specific token URL and REST API URL you noted down above.
- Click Save.
- Click Test Provider to ensure the values have been entered correctly.
Configure compliance settings
Workspace ONE posture checks work with the Compliance flags in Workspace ONE. All compliance tests must pass for the device to be considered compliant.