Ensure VMware Workspace ONE Compliance Using Okta
Learn how to validate VMware Workspace ONE installation compliance using Okta for effective device management and security in your organization.
When it comes to device security, many organizations use a combination of identity services and device management tools to ensure that secure practices are being adhered to at scale.
In this guide, we’ll be focusing on the combination of Okta and VMware Workspace ONE to run a compliance check to ensure that all employees have Workspace ONE installed on at least one of their devices.
Okta is a leading identity management platform that helps employers establish consistent access and secure authentication across applications.
VMware Workspace ONE is a leading security and application management tool that offers endpoint management and access control across devices and virtual applications.
The following steps will allow you to confirm which users in Okta have at least one active device in your business's VMware Workspace ONE account.
The first step of running this type of compliance check is getting a full list of active users at your organization. You can pull this list directly from Okta using either the Okta Admin UI or via the Okta API.
The Okta API returns users in pages of at most 200 per call. You can use the following syntax to issue a call with the limit parameter:
"https://${companyOktaDomain}/api/v1/users?limit=200"
If you have more than 200 users in your organization, you will likely need to use pagination to pull the full list.
Now that you have a user list from Okta, you need to go to the Workspace ONE Unified Endpoint Management (UEM) console. This is your access point for all enrolled devices within your organization. You can analyze and manage devices of all kinds and on all platforms from this central location.
To check whether users have active devices and confirm mobile device management (MDM) compliance, first navigate to the Workspace ONE UEM console. On the left side of the console, choose Accounts. From this tab, you will be able to access information for all registered users within your organization's account.
In order to fully evaluate device activation, you will need to dive deeper. From the Accounts tab on the Workspace ONE UEM, you can open the user accounts list view, which provides a comprehensive list of all users. The list view includes various data points:
You can also apply filters or sort user information by characteristics such as security type, enrollment status, and user role.
To export this list, click the Export button, select the format (XLSX or CSV), navigate to “Monitor”, then “Reports & Analytics”, and then “Exports” to view and download the resulting report.
To check if users have devices associated with them, you can navigate to the device list view. Here you will find information on all the devices in your account, including fields like:
To export this list, follow the same steps as before. Click the Export button, select the format (XLSX or CSV), navigate to “Monitor”, then “Reports & Analytics”, and then “Exports” to download the report.
Using the combination of the Okta active user list, the Workspace ONE user list, and the device list, you can cross-reference them in Excel with the VLOOKUP function to identify gaps between Okta and Workspace ONE, as well as users in both tools who don’t have devices registered. You can then follow up with those users directly to ensure they meet compliance.
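The same cross-reference can be scripted instead of done in a spreadsheet. The Python below is an added example, not part of the original guide or of Blink's automation: the Okta fields (`status`, `profile.email`) follow the Okta Users API, while the Workspace ONE column names (`Email`, `User Email`, `Enrollment Status`) and all sample records are constructed assumptions to be replaced with the headers of your own exports.

```python
import csv
import io

# Constructed sample data. The Okta fields (status, profile.email) follow the
# Okta Users API; the Workspace ONE column names are assumptions and must be
# changed to match the headers of your own exports.
OKTA_USERS = [
    {"status": "ACTIVE", "profile": {"email": "Ana@example.com"}},
    {"status": "ACTIVE", "profile": {"email": "bo@example.com"}},
    {"status": "ACTIVE", "profile": {"email": "cy@example.com"}},
    {"status": "DEPROVISIONED", "profile": {"email": "dee@example.com"}},
]
WS1_USERS_CSV = "Email,Status\nana@example.com,Active\nbo@example.com,Active\n"
WS1_DEVICES_CSV = (
    "Friendly Name,User Email,Enrollment Status\n"
    "Ana MacBook, ana@example.com ,Enrolled\n"
    "Bo iPhone,bo@example.com,Unenrolled\n"
)


def norm(email):
    """Normalize case and stray whitespace so one address matches everywhere."""
    return (email or "").strip().lower()


def emails_from_csv(text, column, where=None):
    """Return normalized emails from `column` for rows matching `where`."""
    rows = csv.DictReader(io.StringIO(text))
    return {norm(r[column]) for r in rows
            if norm(r[column]) and (where is None or where(r))}


def compliance_gaps(okta_users, ws1_users_csv, ws1_devices_csv):
    """Split active Okta users into the two gap lists the guide describes."""
    active = {norm(u["profile"]["email"]) for u in okta_users
              if u["status"] == "ACTIVE"}
    ws1_users = emails_from_csv(ws1_users_csv, "Email")
    enrolled = emails_from_csv(
        ws1_devices_csv, "User Email",
        where=lambda r: r["Enrollment Status"].strip().lower() == "enrolled")
    return {
        "not_in_workspace_one": sorted(active - ws1_users),
        "no_enrolled_device": sorted((active & ws1_users) - enrolled),
    }


if __name__ == "__main__":
    gaps = compliance_gaps(OKTA_USERS, WS1_USERS_CSV, WS1_DEVICES_CSV)
    for gap, users in gaps.items():
        print(gap, users)
```

Deprovisioned Okta accounts are excluded before matching, so former employees do not show up as compliance gaps.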
As remote work continues to flourish and more employees use mobile devices for their everyday tasks, MDM compliance will play a prominent role in data security. With this compliance check, you can ensure that your organization is achieving security best practices.
This method is very manual and could be time-consuming. With Blink, running queries like this is simple.
This automation, which already exists in the Blink library, runs the following steps:
You can use automations like this one out-of-the-box, or customize them with drag-and-drop actions.
Get started with Blink today and ensure device management compliance in a couple of clicks.
Blink is secure, decentralized, and cloud-native. Get modern cloud and security operations today.