Device posture with Workspace ONE requires that the Workspace ONE agent and the Cloudflare WARP client are deployed on your devices. For this integration to function, our service-to-service posture check relies on the serial_number being the same in both clients. Follow the instructions below to set up the check.
Obtain Workspace ONE Settings
The following Workspace ONE values are needed to set up the Workspace ONE posture check:
- Client Secret
- Region-Specific token URL
- REST API URL
To retrieve those values:
- Log in to your Workspace ONE dashboard.
- Go to Groups & Settings > Configurations.
OAuthin the search bar labeled Enter a name or category.
- Select OAuth Client Management in the results. The OAuth Client Management screen displays.
- Select Add.
- Enter values for the Name, Description, Organization Group, and Role.
- Ensure that the Status is Enabled.
- Select Save.
- Copy the Client ID and Client Secret to a safe place.
- Retrieve the correct Region-Specific Token URL from the . Copy the Region-specific token URL to a safe place.
- Obtain your REST API URL by going to the WS1 dashboard > Groups & Settings > All Settings > System > Advance > Site URLs > REST API URL.
Configure the provider in Zero Trust
- Give your provider a name. This name will be used throughout the dashboard to reference this connection.
- Enter the Client ID and Client Secret you noted down above.
- Select a polling frequency for how often Cloudflare Zero Trust should query Workspace ONE for information.
- Enter the Region-specific token URL and REST API URL you noted down above.
- Select Save.
- Select Test Provider to ensure the values have been entered correctly.
Configure compliance settings
Workspace ONE posture checks work with the Compliance flags in Workspace ONE. All compliance tests must pass for the device to be considered compliant.