Merge pull request #463 from smallstep/carl/ws1-updates

Fixes to Workspace ONE doc

Author: tashian

tutorials/connect-workspace-one-to-smallstep.mdx

@@ -1,5 +1,5 @@
 ---
-updated_at: November 17, 2025
+updated_at: November 18, 2025
 title: Connect Workspace One UEM to Smallstep
 html_title: Omnissa Workspace ONE Integration Guide
 description: Connect Workspace ONE UEM to Smallstep for unified device identity. Enterprise guide for cross-platform device security management.
@@ -39,7 +39,7 @@ Next, we’ll create an OAuth client for Smallstep:
 3. For **Organization Group**, select the group most appropriate for managing your desired device inventory
 4. For **Role**, choose **Smallstep**
 5. Choose **Save**
-6. Copy the resulting client ID and secret value
+6. Save the resulting client ID and secret value to a temporary location
 
 ### 2. Configure Smallstep OAuth settings
 
@@ -49,7 +49,7 @@ Configure a new Omnissa Workspace ONE Integration with the values you gathered a
 
 - The Workspace ONE UEM REST API URL for your tenant.
     - This URL is shown in UEM’s settings. Navigate to  
-      **Groups and Settings** → **All Settings →** **System** → **Advanced** → **API** → **Rest API**
+      **Groups and Settings** → **All Settings** → **System** → **Advanced** → **API** → **Rest API**
     - Copy the REST API URL from that page
 - The Workspace ONE UEM [OAuth 2.0 Token URL for your region](https://docs.omnissa.com/bundle/WorkspaceONE-UEM-Console-BasicsVSaaS/page/UsingUEMFunctionalityWithRESTAPI.html#datacenter_and_token_urls_for_oauth_20_support)
 - The OAuth client ID and secret you saved in Step 1
@@ -68,7 +68,7 @@ Within a few minutes after adding the connection, you should see all of your Wor
 1. In Workspace One UEM, visit **Resources → Scripts**
 2. Choose **Add** and then **Windows**
     1. In the General tab, provide a name for the script, such as “Smallstep Agent Enrollment”
-    2. On the Details tab, ensure the **Language** is “Poweshell” and the **Execution Context & Privileges** is “System Context”
+    2. On the Details tab, ensure the **Language** is “Powershell” and the **Execution Context & Privileges** is “System Context”
     3. Use the following snippet as the **Code**, making sure to replace `<team-id>` with the Team ID value you copied from the Smallstep UI earlier.
 
         ```xml
@@ -125,7 +125,7 @@ In this step, we’ll tie everything together by creating Windows policy to enro
 
 #### Gather required details
 
-1. You’ll need the following values from when your configuration your Workspace ONE connection:
+You’ll need the following values from when you configured your Workspace ONE connection:
     - SCEP URL
     - SCEP Challenge URL
     - Challenge Basic Authentication Username
@@ -143,11 +143,11 @@ For compatibility with Workspace ONE, Smallstep emulates the Microsoft ADCS’s
     2. For Authority Type, choose `Microsoft ADCS`
     3. For Protocol, choose `SCEP` 
     4. For Version, choose `NDES 2008/2012` ([NDES for SCEP](https://docs.omnissa.com/bundle/CertificateAuthorityIntegrationsV2410/page/NDESforSCEP.html))
-    5. Provide the SCEP URL from Step 1
+    5. Provide the SCEP URL
     6. For Challenge Type, choose `Dynamic`
-    7. Provide the Challenge Username and Password from Step 1
+    7. Provide the Challenge Username and Password
     8. No client certificate is needed
-    9. Provide the SCEP Challenge URL from Step 1
+    9. Provide the SCEP Challenge URL
     10. Choose **Show Advanced Options**
         - For SCEP Challenge Length, choose `32`
     11. Choose **Test Connection** and wait for a ✅ success modal
@@ -176,11 +176,11 @@ A new modal screen will be presented with the empty Request Template configurati
     3. Click Windows, and then select Windows again
     4. Click Device Profile
     5. Under General, Provide a name (e.g. “Smallstep Device Enrollment”)
-        1. Select the All Devices group in the Smart Groups dropdown
+        1. Select the All Devices group in the Smart Groups select list
         2. Other options can be left as-is
         3. Optionally, click the View Device Assignment button to see the devices to which the profile will be distributed
-    6. Add a Credential by clicking the **Configure** button , and set the following settings:
-        1. Credential Store: Defined Certificate Authority
+    6. Select the **Credential** payload type on the left and choose **Configure**. Set the following settings:
+        1. Credential Source: Defined Certificate Authority
         2. Certificate Authority: Choose the CA connection you created earlier
         3. The certificate template should be selected automatically. If not, select an appropriate one.
         4. Key Location: TPM Required
@@ -190,4 +190,6 @@ A new modal screen will be presented with the empty Request Template configurati
 
 ### Confirmation
 
-In the Smallstep UI, go to the device's profile page. In the **Device Registration** section, you'll see an **Enrolled At** timestamp.
+In the Smallstep console, find your device. In the **Device Registration** section, you'll see an **Enrolled At** timestamp.
+Workspace ONE's device UI also shows both the installed apps and issued certificates on the device.
+