Teasing the Top EUC Session at VMworld 2021: Magic Links Made Easy

Recently, we learned that Mobile Jon, like a phoenix out of the ashes is returning to VMworld 2021 with a session coined: VDI Nerdfest 2021: Demos That Make Admins Drool. I will be teaming up with ITQ’s Johan Van Amersfoort. Johan doesn’t need an introduction so I won’t waste your time there. Two of the avengers finally team up for the first time to take VMworld by storm.

Chris Hemsworth Thor GIF by Marvel Studios

The gif above is pretty apropos since I occasionally go SMASH! and Johan is a crossfitting european (he could definitely lift Mjollnir), but I digress. Johan is well known for delivering amazingly engaging demos at conferences and clients, whereas I am known for pushing the limits of the EUC stack and sharing that knowledge. Today, we will be teasing just a miniscule piece of our VMworld session: Creating Magic Links for Workspace ONE Day 0 Onboarding. First, It’s a natural progression of Mobile Jon’s other works like covering the virtual assistant. Let’s cover enabling magic links, which is so easy now!

To enable magic links, it’s pretty easy. Once you have your AD group created for onboarding and synchronized to WS1 Access , you configure it in the console now:

Once that is done, which is pretty self explanatory, we will go into a short demo to show you how to configure the rest of it.

As you saw, it’s pretty easy to set things up. Like in other areas, we enable the method, bring it to the IDP, and build it into our policy. Overall, we finish this up and we are ready to move into discussing the process to create magic links.

Creating Magic Links for WS1 Day 0 Onboarding

Creating magic links today is a bit tricky and requires some knowledge of APIs to do so. Here’s some example code of how you would do it via PowerShell:

##Get Access Token into WS1 Access##
$AccessURL = ''
$ClientId = ''
$ClientSecret = ''
$text = "${ClientId}:${ClientSecret}"
$base64 = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($text))
$headers = @{
        "Authorization"="Basic $base64";
        "Content-Type"="application/x-www-form-urlencoded";
    }

$results = Invoke-WebRequest -Uri "https://$AccessURL/SAAS/auth/oauthtoken?grant_type=client_credentials" -Method POST -Headers $headers
$accessToken = ($results.Content | ConvertFrom-Json).access_token
  $authHeader = @{
        "Authorization"="Bearer $accessToken";
    }
      $global:workspaceOneAccessConnection = new-object PSObject -Property @{
        'Server' = "https://$AccessURL"
        'headers' = $authHeader
    } 
$global:workspaceOneAccessConnection    

##Creating Magic Token

##Setting Magic Token Headers
 $MLheaders = @{
        "Accept"="application/vnd.vmware.horizon.manager.tokenauth.link.response+json";
        "Content-Type"="application/vnd.vmware.horizon.manager.tokenauth.generation.request+json"
        "Authorization"=$global:workspaceOneAccessConnection.headers.Authorization;
    }

##Setting Magic Token Body
 $MLjson = @{
        domain = $Domain
        userName = $userName
    }

    $MLbody = $MLjson | ConvertTo-Json


##Performing the Rest request to get the Magic Link##
Invoke-RestMethod -Uri "https://$AccessURL/SAAS/jersey/manager/api/token/auth/state" -Method POST -Headers $MLheaders -Body $MLbody

Essentially, we do a POST function with the username and domain of the person and it gives you a magic link they can use to log into the onboarding process without having a password (since they haven’t started yet). This of course only works if they’re in the onboarding AD group.

The main problem you have with this is most people in the UEM space aren’t super comfortable with using REST APIs, so I have come up with a solution!

You can find the code to my Magic Link Generator, which is basically a PowerShell script that I wrote and converted to an executable with PowerShell Studio. The code is on my GitHub and thanks to the great William Lam’s work on the VIDM API that pointed me in the right direction along with some old work of Josue Negron to build something usable for HR teams everywhere.

My demo as seen below, asks you for the person’s first name, last name, and the email address of the person who should receive the New Hire Welcome email and it does the rest for you.

One other thing you will notice, in that New Hire Email is an easter egg for our session at VMworld.

We promise this will be the most engaging and entertaining session you will attend at VMworld 2021 with zero product marketing and 100% real world magic.

Shia Labeouf Reaction GIF

Final Words

I hope you’ve enjoyed this short teaser on one of the many awesome things we will be showing you in our immersive session. We will take you on a journey around the entire UEM suite from Day 0 Onboarding, automation, AI, Watson, and SO MUCH MORE! Get ready because m0bilej0n and the bearded VDI junkie are bringing a mindblowing session in October.

Lastly, DO NOT FORGET TO GET JOHAN’s new book or I am coming for you!

angry liam neeson GIF

Leave a Reply

Scroll to Top
%d bloggers like this: