Smallstep can integrate with Omnissa Workspace ONE UEM to keep your device inventory in sync and to exchange SCEP tokens. A SCEP token is a single-use password that's used by devices to get a certificate from Smallstep.

To configure the connection, let’s first set up an API role and credentials Workspace ONE. Then, we’ll add the client credentials to Smallstep.

Prerequisites

You will need:

• A Smallstep team
• A Workspace ONE UEM tenant
• A test device to enroll for management
  • This can be an Android emulator for testing, but you will need a physical device for testing an enterprise Wi-Fi connection.

Step-by-step instructions

Connect Smallstep to Workspace ONE via OAuth

This step can be skipped in case a connection between Smallstep and Workspace ONE has already been created.

First, we’ll create a scoped API role for Smallstep:

1. In Workspace ONE UEM, navigate to Accounts → Admin Roles and choose + Add Role

2. Create a role named “Smallstep” with a description of “Smallstep Integration”

3. Smallstep needs Read access to Devices, using the REST API: Choose API → REST on the left, and choose ✅ Read for the row “Devices”

   

4. Choose Save

Next, we’ll create an OAuth client for Smallstep:

1. In Workspace ONE UEM, navigate to Groups & Settings → Configurations and find OAuth Client Management in the list.
2. Choose Add and add a new client with a name of “Smallstep” and description of “Smallstep MDM Integration for Device Sync”
3. For Organization Group, select the group most appropriate for managing your desired device inventory.
4. For Role, choose Smallstep