Introduction
One of the major conveniences about Munki and JAMF are that they support linking to items within the service. One major issue with Workspace One is that this is not possible or at least, until now with this hacky workaround.
At Epidemic Sound, we opted to use the native toolset of WS1 rather than doubling up on both Intelligent Hub and custom open source toolsets (though we are not opposed to opening up our toolset range in the future).
The Idea
I live in a world where I like to make things very easy for people. If we give them a document, they should be able to click one button to do all the actions, especially if that action exists in Intelligent Hub. However, there was no URL schema that I could find in the macOS Device Management Workspace One Guide, or if you Google Search the entire VMware website.
This makes my life difficult to point people to the proper place without having to do step by step guides.
Well…. here comes a hacky solution and a feature request.
The Research
When looking through strings that Workspace One uses, we can find the following:
|
|
If we take the first and recursively grep through the entire folder path of Workspace One Intelligent Hub:
|
|
So lets dive further into the file and see where it pulls up using grep to start with:
|
|
So now that we see awjade://
, we now have a URL:
|
|
This awjade://appIdentifier-
looks interesting.
From here we have two methods to obtain the rest of the information:
Web proxy
- Install a web proxy (Fiddler, Charles, BurpSuite, OWASP ZAP, or some other tool)
- Install the SSL Cert so that you can inspect secure traffic being passed through the proxy.
- Search for the URL that looks something like this:
https://TENANTID.vmwareidentity.de/catalog-portal/services/api/v3/hubLanding?excludeThinApps=true&includeEntitlements=true&refreshCache=true
This should return a JSON body that looks something similar to this:
|
|
All of the items listed here, are what you would append to awjade://appIdentifider-
to load Intelligent Hub.
|
|
sqlite method
If not already installed, install sqlite3
- Open up the sqlite3 client towards
~/Library/Group Containers/group.com.vmware.hub.mac/IntelligentHub/GreenClient.sqlite
- If you don’t already have headers on, run
.headers ON
(mainly for convenience) - Run
.tables
, this should output something similar to the following
|
|
- Run
select ZNAME,ZIDENTIFIERfrom ZCONTENT;
, this should output something similar to:
|
|
What you want is the entire item where the item you want to link from ZNAME
is listed in the column ZIDENTIFIER
.
The Solution
From here, now you have the identifiers that you can obtain from locally on the device or via the network.
Now all that needs to happen is:
awjade://appIdentifier-OKTA-OMIT-Okta-SAML_2_0
awjade://appIdentifier-MDM-OMIT-Native-Internal
You can launch a user directly into an application pane in Intelligent Hub.
Unfortunately, this does not work with Favorites, or other types of entries that are listed here. I am sure there is another way around this.
None of this has been tested on Windows, however, I don’t have any reason to believe this would not also work on that platform.
Workspace One Ideas
You can find a feature request / improvement on Workspace One here:
https://wsone.ideas.aha.io/ideas/UEMCPI-I-1246
The hope is that Workspace One properly implements this, rather than us hacking around to find a way to make this work. Ideally, an admin should have be able to link something like:
awjade://app/Google-Chrome
awjade://self-service
This would allow administrators a more readable way to deep link, and potentially easier to determine a naming scheme from rather than random numbers.
You can see the comments at the time of writing in the attached PDF.