WS1 UEM Event Notifications

• Start by clicking Workflows across the top nav bar and click New Workflow

• Let’s give our new workflow a name - in the upper left-hand corner below the menu bar, click on "Title", and update it, in my case I am calling it "device enrollment, apply tag"

• In the main window select the HTTP / Webhook trigger - this will generate a unique URL for your workflow that we can send event notifications to from the UEM console.

• Copy the https URL into a note pad for use later on.

• Below the trigger you will see a + button, select that and pick the Run Node.js code action

• This will open up a code editor where we can run any node.js code, for now - let’s make it easy to understand and paste the following:

console.log('Everything is awesome.');

• In the code editor window, click save, and then click deploy to make this a live serverless app

• What will happen now, is that if trigger our workflow, either by generating test data in the workflow editor or by sending a message to the URL, the node.js console log will output our Everything is awesome message.

• Let’s verify that by clicking the Send Test Event button

• After a moment, a test event will be generated, and our node.js script runs, and we see in the console log output our message - very cool!

• In the Target Name, I like to make it descriptive so later on I remember what it was for - I am going to call mine - "pipedream app, device enroll apply tag"

• The target URL is going to be the URL from our http trigger we built in the last step

• We didn’t configure any auth on that app since this is just an educational thing - but for anything more than that I would advise you do - so leave those blank.

• In the format - set it to JSON to make our lives easer later on

• hit test connection and verify it was successful

• That will actually generate an event in your pipedream workflow, and you should see your Everything is Awesome status message in the console log.

• Let’s check that out, go back to your pipedream window, on the left-hand side you will see timestamped events, you should see a current time stamped event - click on that and look in the main window, at the bottom you should see your status message.

• Back in the UEM console we need to select a which events will trigger an event notification to our service. Since I want to apply a tag on device enrollment, I will enable device enrollment and hit save.

• So now I have my Event notification rule, and it will send an alert to my pipedream service every time a device is enrolled.

• Let’s give that a go and see what kind of information is sent to pipedream.

• Take your test device and enroll it - I am going to assume if you are reading this type of blog, that we don’t need to walk through the enrollment process - but if you need some help, here is the link to the VMware Docs page for iOS device enrollment

• Next up, lets create a new Device tag to apply to the deice on enrollment

• If you are interested in reading the docs on Device Tags - check it out here

• In the UEM console navigate to Groups & Settings \ All Settings \ Devices & Users \ Advanced \ Tags

• Click Create Tag and give your Tag a name - in my case I’m calling it "pipedream" and hit save

• while were here, let’s get the Tag ID - the main way to do this via the API, but were going to cheat a bit right click on the new tag we just created and copy the link. Paste that link into a notepad, it should look something like this: https://console.awmdm.com/AirWatch/Tags/Actions/View/1234

• the last digits in that URL in this case "1234" is the tag id

• We are going to get a few other pieces of information while were still in the UEM console that we will need to allow our pipedream workflow to send the apply tag command back to UEM.

• First, we need to generate an API key for us to use.

• In the UEM console head to Groups and Settings in the menu bar, then All Settings \ System \ Advanced \ API \ REST API. Click Add and a new row will appear with an API token generated.

• Give the service a name and description that will make sense when you look this over later on.

• Copy the API key into a note pad for later use and hit save

• In our case to apply a tag to a device via the UEM API's, I need to know a couple of things, the tag id, which we will got in a previous step, and the Device ID - which you can see in the event notification - hint it’s the "DeviceId" value.

OK - so don’t be overwhelmed, we will break this down but here is the code we are going to use in our node.js workflow step.

const axios = require("axios")

// Make an HTTP POST request using axios

const resp = await axios({

method: "POST",

url: `https://as1.awmdm.com/API/mdm/tags/TagID/adddevices`, //This is your UEM API URL, replace {TagID} with the correct tag id

data: {

"BulkValues": {

"Value": [

steps.trigger.event.body.DeviceId //this is the variable that will grab the device ID send in the Event notification if you followed step by step, this shoudl be correct, if not update to your value

]

}

},

headers: { //the headers to send in the post to the UEM API

'aw-tenant-code': 'UemApiKey', //API key from UEM console - !! DO NOT HARD CODE THESE IN THE FINAL CODE this is educational only!!

'Accept' : 'application/json',

'Content-Type' : 'application/json' },

auth: {

username: 'UemApiAdminUser', //UEM Admin user with API Access - !! DO NOT HARD CODE THESE IN THE FINAL CODE this is educational only!!

password: 'UemApiAdminUserPassword' //UEM Admin User password - !! DO NOT HARD CODE THESE IN THE FINAL CODE this is educational only!!

}})

// Retrieve just the data from the response

const { data } = resp

// export this data for use in a future step

// https://docs.pipedream.com/workflows/steps/#step-exports

this.data = data

OK So what are we looking at the first line is telling node to load the axios http library, this allows us to send a POST http method to our UEM endpoint

• The next block is building the POST message, defining the method - “POST" - the URL to send the POST to.

  • Here we need to make our first update. In place of the "TagID" change it to be the actual tag ID we collected earlier.

    • For example, instead of being: https://as1.awmdm.com/API/mdm/tags/TagID/adddevices

    • it should say: https://as1.awmdm.com/API/mdm/tags/12345/adddevices

• The data field what the UEM API is expecting to contain the deviceID values. Here we are using a variable to dynamically gather the DeviceID that the UEM console sent to us in the Event notification. This way it will work for all devices as they enroll.

• Below that are the headers we want to include with our POST request - and you need to update with your values we collected earlier.

• The UEM API expects a few things in the headers of our request:

  • the API key - defined as aw-tenant-code

  • Authentication - with node when we define the "auth:" value it will convert the UN/PW combination to base64 for us

• Here !! I AM ADMITTEDLY FOLLOWING BAD PRACTICES !! - we are going to hardcode our API key, API user and password into our code. As this is educational at this point, I am OK with that, if this was anything more than that, there are much more secure ways to handle the credentials.

• Copy the code upadated with your valies and replace the "Everything is awesome" code in our pipedream editor. Update the values we just reviewed - the TagId, API key, Username and Password

• Look for any errors the code editor may flag - tip - sometimes quotation marks get a little mixed up

• Save and deploy the code change