Pulse One Integration
Overview
An ICS appliance can be integrated with the Pulse Workspace console server to auto-provision workspaces based on a user's group membership and to enable seamless ActiveSync email access for mobile clients. Once this integration is in place, mobile devices that are managed by Pulse Workspace get seamless mail access from the enterprise mail server without requiring users to configure their mail clients.
To configure Pulse Workspace command handlers to auto-provision workspaces or to enable seamless ActiveSync email access for mobile clients, do the following:
1. Register ICS with Pulse Workspace
2. Maintain Notification Channel
3. Renew Credentials
4. Configure User Role (For seamless Active Sync support)
5. Configure LDAP Authentication Servers to use for Group Lookup (For User's group membership-based auto-provisioning)
Register ICS with Pulse Workspace
ICS has to be registered with Pulse Workspace before it can be used for seamless mail access for Pulse Workspace configured mobile devices. On successful registration, Pulse Workspace sends ICS the following information:
The following table lists the Registration Information:
| Registration Information | Description |
| --- | --- |
| Hawk Credentials | All communication from ICS to Pulse Workspace is authenticated using HAWK. Pulse Workspace sends this information in the registration response. The response consists of: Key, Key Identifier, and Message Authentication Code Generation Algorithm. |
| Device Identification Information | Each ICS device is uniquely identified in Pulse Workspace. This identification information is sent to ICS in the registration response to be used in all communications. |
| Notifications Channel URL | To receive any unsolicited notification from Pulse Workspace, ICS creates and maintains a websocket channel with Pulse Workspace. The endpoint URL on the Pulse Workspace for this channel is sent as part of the registration response. |
| Base API URL | On receiving any unsolicited notification on the websocket, ICS sends a REST request to Pulse Workspace to fetch additional information. The base URL for these REST APIs is sent by Pulse Workspace in the registration response. |
Maintain Notification Channel
ICS creates a websocket channel with the Pulse Workspace server. Pulse Workspace sends notifications to ICS over this channel. Pulse Workspace tears this channel down once every 24 hours, and ICS needs to reconnect to Pulse Workspace when this happens. The websocket channel is also torn down when the HAWK credentials become invalid.
ICS keeps the websocket channel up all the time and also takes corrective measures whenever there is a disruption on this channel.
Renew Credentials
HAWK credentials sent by Pulse Workspace are valid for 7 days. After this time, the credentials need to be renewed. When the credentials are in renew state, the notification channel will fail and any communication from ICS to Pulse Workspace cannot be authenticated. The existing credentials can only be used to request the new credentials.
HAWK credentials expire after 30 days. Once the credentials expire, ICS needs to be reconfigured and reregistered using a new registration code. This results in new device identification information and new HAWK credentials.
Configure User Role (For seamless Active Sync support)
Configure the user role that will be used for creating the device records on ICS for Pulse Workspace devices. On creation of a workspace, Pulse Workspace requests ICS to create a device record so that the mobile device that maps to that workspace can access email using ICS as the ActiveSync proxy. This requires ICS to know which role should be used for creating the device records. The ICS administrator needs to configure this information using the admin UI.
Configure LDAP Authentication Servers to use for Group Lookup (For User's group membership-based auto-provisioning)
Configure the LDAP authentication server that will be used for handling group validation and user group membership requests on ICS for the Pulse Workspace server. The ICS administrator needs to configure this information using the admin UI.
Pulse One Configuration
This section covers the configuration required on ICS to enable it to register with the Pulse Workspace console server.
Pulse One Settings
The following table lists the Pulse One Configuration Details:
| Field | Description |
| --- | --- |
| Registration URL | This is the URL to which ICS sends the registration request. The format of the URL is https://<PWS API Host Name>/api/v1/register. The Pulse Workspace API host name is displayed to the administrator when they create an entry for this appliance on the Pulse Workspace console server. |
| Registration Code | This is the code that ICS sends to Pulse Workspace in the registration request. This code is generated and displayed to the administrator when they create an entry for this appliance on the Pulse Workspace console server. |
| Credential Renegotiation Interval | This is the time in days after which ICS automatically renegotiates HAWK credentials with Pulse Workspace. |
| Credentials Exchange time | This is the time at which the last successful credential exchange took place. |
| Hashing Algorithm | This is the algorithm used for generating the MAC for HAWK authentication. Currently the only supported value is HS256, which is HMAC using SHA-256. |
| Client Device ID | This is the unique identification information of the ICS device on the Pulse Workspace server. This information is received in the registration response. |
| Notification URL | This is the URL of the websocket endpoint on the Pulse Workspace server. This information is received in the registration response. |
| Registration Status | Reports current status of registration. Gray - not yet registered; Yellow - registration in progress; Green - registered successfully; Red - registration failed/renew credentials/credentials expired. |
| Notification Channel Status | Reports current status of notification channel. Gray - not yet connected/connection not required; Yellow - connection in progress; Green - connected; Red - connection failed. |
| Save Changes | Saves the configuration and triggers registration, if required. |
| Clear configuration | Clears all the configuration and disconnects the notification channel. |
| Renegotiate credentials | Triggers renegotiation of credentials. |
- Hawk is an HTTP authentication scheme providing a method for making authenticated HTTP requests with partial cryptographic verification of the request, covering the HTTP method, request URI, and host.
- To back up and restore Pulse One configuration, administrator should use the binary export/import of system configuration.
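The Hawk note above can be made concrete with an added example (not code from ICS or Pulse Workspace) that builds and checks a Hawk `Authorization` header with HMAC-SHA-256, following the public Hawk scheme's header layout. The key id, key, host name, resource path and the 60-second skew are constructed values; the page does not document the actual messages exchanged by ICS and Pulse Workspace.

```python
import base64, hashlib, hmac, re, secrets, time

def normalized_string(ts, nonce, method, resource, host, port, payload_hash="", ext=""):
    """Hawk 'header' string: fixed field order, each field newline-terminated."""
    fields = ["hawk.1.header", str(ts), nonce, method.upper(), resource,
              host.lower(), str(port), payload_hash, ext]
    return "\n".join(fields) + "\n"

def hawk_mac(key, ts, nonce, method, resource, host, port):
    # HMAC-SHA-256 (the page's "HS256"). The payload hash is left empty, so the
    # body is NOT covered: this is the "partial" verification the note mentions.
    msg = normalized_string(ts, nonce, method, resource, host, port).encode()
    return base64.b64encode(hmac.new(key.encode(), msg, hashlib.sha256).digest()).decode()

def sign(key_id, key, method, resource, host, port, now=None):
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(6)
    mac = hawk_mac(key, ts, nonce, method, resource, host, port)
    return f'Hawk id="{key_id}", ts="{ts}", nonce="{nonce}", mac="{mac}"'

def verify(header, keys, method, resource, host, port, now=None, skew=60, seen=None):
    """Server-side check: known key id, matching MAC, fresh timestamp, unused nonce."""
    scheme, _, rest = header.partition(" ")
    attrs = dict(re.findall(r'(\w+)="([^"]*)"', rest))
    key = keys.get(attrs.get("id"))
    if scheme != "Hawk" or key is None or not {"ts", "nonce", "mac"} <= attrs.keys():
        return False
    if not (attrs["ts"].isascii() and attrs["ts"].isdigit()):
        return False
    expected = hawk_mac(key, attrs["ts"], attrs["nonce"], method, resource, host, port)
    if not hmac.compare_digest(expected.encode(), attrs["mac"].encode()):
        return False              # method, URI, host or key does not match
    now = time.time() if now is None else now
    if abs(now - int(attrs["ts"])) > skew:
        return False              # stale or future-dated request
    if seen is not None:
        if (attrs["id"], attrs["nonce"]) in seen:
            return False          # replayed request
        seen.add((attrs["id"], attrs["nonce"]))
    return True

if __name__ == "__main__":
    keys = {"demo-key-id": "constructed-demo-key"}    # constructed credentials
    hdr = sign("demo-key-id", keys["demo-key-id"], "GET", "/api/v1/demo", "pws.example.test", 443)
    print(hdr)
    print(verify(hdr, keys, "GET", "/api/v1/demo", "pws.example.test", 443))    # valid
    print(verify(hdr, keys, "POST", "/api/v1/demo", "pws.example.test", 443))   # method changed
```

Because the MAC binds only the method, URI, host and port here, a changed request body would still verify unless a payload hash is included in the normalized string.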
Pulse Workspace Handlers
This section covers the configuration of the command handlers that handle the messages received on the notification channel.
Active Sync Handler Configuration
This section covers the configuration of the activesync command handlers that create/delete the device records in ICS when Pulse Workspace sends a notification.
The following table describes the Active Sync Handler Configuration:
| Field | Description |
| --- | --- |
| Device Role | This is the role assigned to the device records created by ICS for the Pulse Workspace registered devices. |
| Clear Active sync Device Records | This option deletes all the device records pushed from the Pulse Workspace console server. |
- The administrator should ensure that the secure email feature is enabled for this user role.
- Use the "Clear Active sync Device Records" option only if:
  - This ICS is no longer the active sync provider for the Pulse Workspace server.
  - You need to troubleshoot Device Record sync-up related issues: clear all Pulse Workspace onboarded Device Records and recreate only the valid Device Records during the next active sync Device Record sync-up. A Device Record sync-up happens when a new workspace is created, when an existing workspace's state is modified, or through the periodic sync-up that the Pulse Workspace server initiates every hour.
Group Lookup Handler Configuration
This section covers the configuration of the group lookup command handlers that validate group existence and fetch the user's group membership from the configured backend LDAP server when Pulse Workspace sends a notification.
The following table lists the Group Lookup Handler Configuration:
| Field | Description |
| --- | --- |
| Available Auth Servers | All configured LDAP servers are listed here. |
| Selected Auth Servers | Select the LDAP authentication server to handle the group lookup requests. |
- Only one authentication server per domain should be selected.
- This functionality is supported only with 'Active Directory' type LDAP server.
- To back up and restore Pulse One command handler configuration, administrator should use the binary export/import of user configuration.