Use the Service Graph Connector for VMware Workspace ONE UEM to pull mobile and computing devices data from VMware Workspace ONE Unified Endpoint Management (UEM) into your ServiceNow instance.

Before you begin

To use this Service Graph Connector, you need a subscription to a Subscription Unit that is based in the IT Operations Management (ITOM) Visibility application or in the ITOM Discovery application. As defined in the section titled "Managed IT Resource Types" in ServiceNow Subscription Unit Overview for your subscription, for managed IT resources that are created or modified in the CMDB by this Service Graph Connector, but that aren’t yet managed by ITOM Visibility or ITOM Discovery, these resources will increase Subscription Unit consumption from that application. Review your current Subscription Unit consumption within ITOM Visibility or ITOM Discovery to ensure available capacity.

Dependencies and requirements:
  • The Integration Commons for CMDB store app, which is automatically installed.
  • The CMDB CI class models store app, which is automatically installed. See CMDB CI Class Models store app.
  • The ITOM Discovery License plugin (com.snc.itom.discovery.license). You must activate this plugin.
  • ITOM Licensing plugin (com.snc.itom.license). For more information, see Request Discovery.
  • The Datastream Action plugin (com.glide.hub.action_type.datastream), which is automatically installed.

Roles required: admin

About this task

To configure the Service Graph Connector for VMware Workspace ONE UEM, you must configure your OAuth authentication credentials (step 4) if you have these credentials. If you don't have these credentials, then you must configure your Basic authentication credentials (step 5). Do not configure both OAuth and Basic credentials.

Procedure

  1. Navigate to All > Service Graph Connectors > Workspace ONE UEM > Setup.
  2. On the Getting started page, select Get Started.
  3. Configure your OAuth authentication credentials.
    If you do not have OAuth credentials, skip this step and configure the Basic authentication credentials in step 5.
    1. On the Service Graph Connector for VMware Workspace ONE UEM page, in the Configure the connection section, select the task Configure authentication credentials.
    2. On the next page, in the Configure authentication credentials section, select Configure.
    3. On the form, fill in the following fields.
      Table 1. Application Registries form
      Field Description
      Client ID

      Client ID of the VMware Workspace ONE UEM console.
      Client Secret

      Client secret of the VMware Workspace ONE UEM console.

      Note: You can click the lock icon (Lock icon.) to view the client secret.
      Token URL

      The Token URL of VMware Workspace ONE UEM console so that you can fetch the access token.

      Note: For more information about the Token URL, see the VMware knowledge base article on the VMware documentation site.

      To get more information about how to get OAuth credentials, see the VMware documentation site.

    4. Review the other fields on the Applications Registries form as needed.
      Table 2. Application Registries form
      FieldDescription
      Name Name of the OAuth app.
      OAuth API Script Script that is used to customize requests and responses to the external OAuth provider.
      Logo URL Logo URL for the OAuth app.
      Default Grant type The Default Grant Type that is used to establish the OAuth token.
      Refresh Token Lifespan Number of seconds that a refresh token issued will be good for.
      PKCE required Option to enable public clients to require PKCE during the authorization flow.
      Application Application that contains this record.
      Accessible from Location where the OAuth is accessible from.
      Active Option to activate the OAuth app.
      Authorization URL OAuth authorization code end-point.
      Token Revocation URL OAuth access token revocation end-point.
      Redirect URL The OAuth app end-point to receive authorization code.
      Use mutual authentication Option to use mutual authentication for token requests and revocations. This option requires that a Mutual Auth Profile is specified.
      Send Credentials Option to enable the OAuth Client to populate client credentials in the request.
      Comments Comments about the OAuth app.
    5. Click Update if necessary.
    6. In the Configure authentication credentials task section, click Mark as Complete.
  4. Configure your Basic authentication credentials.
    If the OAuth credentials were configured in step 4, skip this step.
    1. On the left side bar, click the Configure the Basic Auth connection icon (Configure the Basic Auth connection icon.) and select the task Select authentication type.
    2. On the next page, in the Set authentication type section, click Configure.
    3. Update the Value field to basic.
    4. In the Set authentication type section, select Mark as Complete.
    5. In the Configure authentication credentials section, click Configure and do the following:
      1. In the Name field, enter a name for the authentication. For example, VMware Workspace ONE UEM Basic credentials.
      2. In the User name field, enter your VMware Workspace ONE UEM user name.
      3. In the Password field, enter your VMware Workspace ONE UEM password.
      4. Click Update.
    6. In the Configure API key section, click Configure, in the API Key field, enter your VMware Workspace ONE UEM tenant code, and then click Update.
  5. Configure the HTTP connection.
    1. In the Configure HTTP connection task section, click Configure.
    2. On the form, fill in the fields.
      Table 3. HTTP(s) Connection form
      FieldDescription
      Name Name of the connection.
      Use MID server MID Server that sends this HTTP connection. Using a MID Server is not compatible with mutual authentication.
      Host Target host value that is used by the connection. The Connection URL will automatically fill in the hostname.
      Note: Update the Host field with a VMware Workspace ONE UEM base URL. For example, as4855.awmdm.com.
      Credential Credential value used by this connection.
      Connection alias Connection value that is used to refer to the connection.
      URL builder URL builder that is used to build the connection URL.
      Connection URL Connection URL of the connection. You can either manually enter your connection URL or use the URL builder to build the connection string.
      Mutual authentication Optional to enable mutual authentication.
      Protocol Underlying protocol used by the connection.
      Note: Update the Protocol field if you are using anything other than https.
      Active Option to activate the HTTP connection.
      Domain Domain that contains the connection.
      Override default port Target value port that is used by the connection.
      Base path Base path for HTTP(s) connection.
      Note: You do not need to update this field.
      Note: The HTTP connection will be pre-configured to use the authentication credentials that were configured during the previous setup task.
    3. Click Update if necessary.
    4. In the Configure HTTP Connection task section, click Mark as Complete.
  6. Validate the data sources.
    1. In the Validate data sources task section, click Configure.
    2. Review the fields on the Data Source form, which is automatically set.
      Table 4. Data Source form
      FieldDescription
      Name Unique name of this data source.
      Import set table label Specify the import set table that is produced by this data source.
      Import set table name Name of the table that will be created for this data source.
      Type Data storage type of the data to be imported.
      Data in single column Data in single column.
      Use Batch Import Option to use batch insert to the import set table.
      Application Application that contains this record.
      Data Stream action Data Stream action that provides complex object streams to load data.
      Data Loader Script that loads data in the import set table.
    3. Test the connection by clicking the Test Load 20 Records related link.
      Testing the connection takes a few moments, after which the page refreshes to show the test results. The connection is successful if the HTTP Status is 200. If there is an Error Code and Error Message, then the connection failed and further troubleshooting is required.
      Note: Do not click Load All Records during this setup.
    4. In the Help sidebar, click Back to Guided Setup.
    5. In the Validate data sources task section, click Mark as Complete.
  7. (Optional) Configure additional settings.
    1. On the left side bar, click the Configure additional settings icon (Configure additional settings icon.).
    2. On the Service Graph Connector for VMware Workspace ONE UEM page, in the Configure additional settings section, select the task Configure duplicate detection rules.
    3. In the Configure duplicate detection rules section, click Configure.
    4. On the CMDB Duplicate Row Rules form, update the Active column value to true to activate the duplicate detection rule.
      Note: To remove fields from being evaluated, add the field names with a comma in a separated list in the Ignore Fields column.
    5. In the Help side bar, select Mark as Complete.
    6. In the Set software import section, click Configure.
    7. In the Value field, enter false to import the software data then close the window.
    8. In the Import non-managed software section, click Configure.
    9. In the Value field, enter false to include non-managed software then close the window.
    10. In the Import apps with status section, click Configure.
    11. Add the status of the applications you want to import by updating the Value field.
      By default, the connector imports applications labeled as Installed, Pending Removal, and Unknown.
      Table 5. Status values of applications
      StatusValue
      Pending Install 1
      Installed 2
      Pending Removal 3
      Removed 4
      Unknown 5
    12. Close the window and click Mark as Complete.
  8. Set up the scheduled import jobs.
    1. On the left side bar, click the Set up scheduled import jobs button.
    2. On the Service Graph Connector for VMware Workspace ONE UEM page, in the Set up scheduled import jobs section, select the task Configure the scheduled job.
    3. In the Configure the scheduled job task section, click Configure.
    4. Select the name of the scheduled import that you want to run.
    5. Review the pre-populated fields on the Scheduled Data Import form.
      Table 6. Scheduled Data Import form
      FieldDescription
      Name Name of the scheduled job.
      Data source Data source record that defines the data to import.
      Run as Option to run the scheduled job with the credentials of the specified user.
      Active Option to activate the scheduled job. Select this option.
      Concurrent Import Function that loads the data from multiple import sets. The function then processes and transforms the data concurrently.
      Partition Method Partition method for the concurrent import set.
      Partition Size Import set size for early scheduling.
      Execute pre-import script Option to specify a script to run before the import is performed.
      Execute post-import script Option to specify a script to run after the import is performed.
      Application Application that contains this scheduled job.
      Run Frequency of running the import.
      Conditional Conditions under which this job is executed.
    6. Click Update and repeat the Configure the scheduled job task and these substeps for the other imports if needed.
    7. In the Help task bar, click Mark as Complete.