Airwatch/Workspace One Host/Device Registration Process
When Airwatch/Workspace One and FortiNAC are integrated, the registration process for hosts is as follows:
-
A host connects to the network and is detected by FortiNAC.
-
If the host is running an operating system not supported by Airwatch/Workspace One, it becomes a rogue and goes through the regular registration process (either through the captive portal, Device Profiler or any other registration method configured in FortiNAC).
-
If the host is running one of the operating systems listed below, FortiNAC checks to see if the Airwatch/Workspace One MDM Agent is installed. This requires that On-Demand registration be enabled in the MDM Service record for the Airwatch/Workspace One integration with FortiNAC.
-
Android
-
Apple iOS
-
BlackBerry
-
Mac OS X
-
Symbian
-
Windows Mobile
-
Windows Phone
-
-
Hosts without the Airwatch/Workspace One MDM Agent are sent to the captive portal where the user is asked to download and install an MDM agent before connecting to the production network.
-
If the host has the Airwatch/Workspace One MDM Agent installed, FortiNAC connects to Airwatch/Workspace One and retrieves the host data from the Airwatch/Workspace One database and registers the host in FortiNAC.
-
If the host is associated with a user in Airwatch/Workspace One that also exists in FortiNAC, then the host is registered to that user.
-
If the user is unknown in FortiNAC, the host is registered as a device.
-
Based on the User/Host Profile that matches the host, a Network Access Policy is applied and the host is placed in the appropriate VLAN.
-
Settings selected for the MDM Service that controls the connection between Airwatch/Workspace One and FortiNAC determine when Airwatch/Workspace One is polled for updated information.