How do I enable direct communication between Airwatch and Zscaler?
If your organization uses the MDM solution provider Airwatch, you can configure settings to enable direct communication between the Zscaler and Airwatch services.
Once you enable communication between Zscaler and Airwatch, the Zscaler service can automatically push the VPN profile containing the iOS policy you configured in the Zscaler App Portal to the Airwatch service. You can then use the Airwatch console to push the VPN profile to iOS devices in your organization, ensuring enforcement of the iOS policy from the Zscaler App Portal.
Note that if you update your iOS policy in the Zscaler App Portal, you must use the Airwatch console to push the updated VPN profile containing the updated policy to your iOS devices.
Before configuring Airwatch to communicate with Zscaler, ensure the following requirements are in place.
- The Airwatch MDM must already be deployed and user/group configuration and other related configurations required to enroll devices to the MDM must have been completed. Please refer to Airwatch documentation for the deployment instructions.
- Ensure you have configured an iOS policy for your organization in the Zscaler App Portal.
Configuration: Enabling Communication between Zscaler and Airwatch
To facilitate this process, Zscaler recommends that you log in both to the Airwatch Console and to the Zscaler admin portal and keep both windows open while completing tasks A to C below.
- From the menu on the left, go to Group & Settings > All Settings.
- From the Settings window, go to System > Advanced.
- From the System/Advanced window, go to API > Rest API.
- In the Rest API window, locate the API Key. You will need to copy and paste this API Key in the Zscaler App Portal, as described in Step B below.
B. Configure Airwatch in the Zscaler App Portal and retrieve Mobile Admin information
- In the Zscaler admin portal, go to Policy > Zscaler App Portal.
- In the Zscaler App Portal, go to the Administration tab.
- Go to Airwatch Configuration from the menu on the left. Note that you will see this menu option only if Zscaler has enabled Airwatch Integration for your organization.
See image below.
- In Airwatch API Key, paste in the API Key you retrieved from the Airwatch MDM console (as described in Step A.5 above).
- In Airwatch UserName, enter the username with which you log into the Airwatch MDM console.
- In Airwatch Password, enter the password with which you log into the Airwatch MDM console. Note that if you change your Airwatch profile password, you must change the password here in the Zscaler App Portal as well.
- In the same window, note the Mobile Admin URL and Username fields which will be automatically populated by the Zscaler service. (The Mobile Admin URL is associated with the URL of the Zscaler admin portal to which you log in. The Mobile Admin Username is pre-populated with "zsconnect@" and the domain name of your organization. For example, if your organization's domain name is "safemarch.com", in Mobile Admin Username, you would see "email@example.com".
- In Mobile Admin Password, enter a password of your choosing.
- Click Save.
C. Enter Zscaler Mobile Admin info in the Airwatch console
- From the menu on the left in the Airwatch console, go to Devices > Profiles > List View.
- Click on the profile you use to manage iOS devices.
- In the profile window, click VPN in the menu on the left.
- Under Connection Info, complete the following fields:
- In Connection Type, select Websense.
- In Server, enter the URL found in the Mobile Admin URL field.
- In Username, enter the username found in the Mobile Admin UserName field.
- In Password, enter the password you entered in Mobile Admin Password. If you change the Mobile Admin Password in the future, you must return to the Airwatch console and change the password here as well.
- Click Save & Publish.
The Zscaler services can now push the appropriate VPN profile to the Airwatch service, which can then push the profile to your organization's iOS devices.