What we want it logs entirely with sso to the portal. When enabled, this program tests only on usability data, which is essential to ensuring our customers real-world needs are being met. If you can configure Receiver to automatically login to StoreFront without needing the users password, then you can enable Citrix FAS on that StoreFront store to handle the SSON to the VDA. WebWe would like to show you a description here but the site wont allow us. what i am seeing is user acess https://sso.domain.local and login. Workspace For multi-data center, build separate Connectors for each data center. Break the silos between IT and security teams with a consistent and common tool for discovering and responding to new threats, and continuous verification of risk based on user behavior and device context. Our Horizon VDI desktops have the Citrix Receiver installed which is using SSO for the storefront to access an EHR application. Workspace ONE Intelligence is a service for the Workspace ONE platform. When I go to https://idm.domain.com, a Workspace portal opens. Connecting to the IP address will cause problems during the database setup process. vIDM 2.8 in my installation is not stable CPU spikes up to 100% and crashes after few minutes. Login to the Identity Manager web page as the. Basic remote actions appear on the Basic Actions subtab of the selected device in the self-service portal. I guess I need to redo it. The device status displays under the name of the device on the tab. Do you know if I can use Azure AD integrated with Identity Manager ? By acting as a broker to different identity stores and providers including AD, ADFS, AAD, Okta, and Ping Workspace ONE Access can quickly deliver apps from on-premises andmulti-cloudinfrastructures. If youre not proxying IDM and Horizon through a single UAG cluster, then that would be two public IPs. Probably this one https://communities.vmware.com/thread/548682. Since iDM doesnt receive the users password, I suspect youll need to implement Horizon True SSO. Any idea how to fix it. UAG replaces the security server with new features and functions. And I have some question want to ask since there are no much information I can find from VMware doc. Ensure you can be reached by entering your personal information in the User tab including email, up to four different phone numbers, time zone, and locale. For Citrix ADC load balancing of VMware Access, see, For F5 load balancing of Identity Manager, see. Revokes the token for a selected application. What should I config to can access virtual apps in native app (horizon) from Identity without problems? The there is also a thread about it on the vmware forums. I Have a problem with connect UAG and VIDM? Unfortunately, you are currently ineligible for a free trial because our records indicate you have previously registered for a trial. I installed the IDM 3.3 appliance on-premise. For example, you can have a user Jane in domain eng.example.com and another user Jane in domain sales.example.com. But if I use a group it doesnt. Terms of Use page to set up Workspace ONE terms of use and ensure that end users accept these terms of use before using the Hub portal. I assume SAML is configured between IDM and the Connection Servers. The Connector installer should automatically launch again. This setting is enabled by default. You must define this question together with its answer when you log in to the UEM console for the first time. Locks the selected device so that an unauthorized user cannot access it, which is useful if the device is lost or stolen. Download Hub for Windows x86/x64 Password Recovery to configure the password recovery page that displays when users click. Unfortunately, you are ineligible for a free trial at this time. Version 19.03 and newer no longer include the embedded Connector so you must deploy one or two Windows machines to run the external connector. Horizon Server expects to obtain its login credentials from another application The default experience for users who log in to the Hub portal from Workspace ONE Access is to select the domain to which they belong on the first login page that displays. as your external url is idm.domain.com then you need to configure vidm to respond with the same url by going to https://vidm-01.domain.com:8443/cfg/workspaceUrl and setting it to https://idm.domain.com and then update the UAG to point to https://idm.domain.com. It aggregates, correlates, and analyzes data from multiple sources and delivers actionable insights across any app and any device. Hi, Ive the same issue with windows based connectors. Delete an Azure Monitor workspace Users are presented with the domain drop-down selection menu that lists all Active Directory domains integrated with the Workspace ONE Access server and the local System Domain directory. The actions available depend upon enrollment status, device platform, and action permissions. Create reverse pointer records too. im unable to login with the admin local user. If you have the older 19.03 Identity Manager Connectors, then see Migrating to VMware Workspace ONE Access Connector 22.09 at VMware Docs. The Go to Details button displays tabs containing information about the selected device under the selected user account. Yes, through Custom Connectors in Workspace ONE Intelligence customers can create integration with any third party and custom tools that support REST APIs. The solution there is the UAG there to use as a reverse proxy, Your email address will not be published. Gain insights and visibility across your virtual desktops and applications and monitor the health and performance of your virtual environment. Can someone clarify how Identity Manager in combination with AirWatch supports multi tenacy? I think its the Bind User thats the problem, but I cant find any good documentation on which permissions this user needs in AD. Learn more about the Digital Employee Experience Management capabilities powered by Workspace ONE Intelligence. The workspace keeps a history of all training runs, including logs, metrics, output, and a snapshot of your scripts. However, when devices are employee-owned, those employees might want to access similar management tools for their own use. Then the elastisearch showed green. Or are you saying that when you configure Reverse Proxy on the UAG that UAG cannot communicate with IDM? Thanks for your dedication when doing this tutorials !! Change your password by selecting the Account button located at the top right of the Self Service Portal screen. Published app is only Desktop pool. WebEstablish trust between users, devices and apps for a seamless user experience. What Proxy Pattern do you have configured for UAG Reverse Proxy to IDM? Click Create. Hi Carl, and thanks for this excellent post! When creating the pool, did you check the box to enable HTML Access? When the login page If you are installing the Kerberos Auth Service, then select a .pfx certificate that clients will trust and click, The service account must be added to the local, Repeat these steps to add another connector. Administrators who create more accounts to delegate management responsibility can also create and distribute credentials for their environment. https://labs.vmware.com/flings/true-sso-diagnostic-utility. This setting must be between 1 and 5. I think public certs on each appliance should be fine. Having the same problem, dont see a response from Carl yet. Would that also mean that it is unnecessary to add a certificate to the windows-based connector? You can Reset this password at any time. Connector Authentication Methods to configure the User Auth services connector-based authentication methods, including Password (cloud deployment, RSA SecurID (cloud deployment), and RADIUS (cloud deployment) and the Kerberos Auth service. Hide "Change to a different domain" link on login page, Use email address to sign in to Intelligent Hub, Enable persistent cookies for user sessions. Could it be the Citrix Receiver is looking at the logon mechanism and seeing its not the conventional SAMAccountName logging the user on. Since the connectors are not accessed inbound (directly) by users, Im guessing it doesnt matter what you put there. If you have a device that supports Web Clips or Bookmarks, your administrator can supply these shortcuts enabling you to access the SSP directly. You can access the Self-Service Portal (SSP) from your workstations or devices by navigating to https:// /MyDevice. Is there a way to achieve this configuration. When a users logs into the thin client / vdi (for test) / fat client, the user wants to (in the internal network), SSO to the IDM Portal, logging into the thin client / vdi / fat client requires to authenticate with AD username/password, and for the portal again, so the user needs to login twice. Intelligent Access for the Digital Workspace eBook, VMware Workspace ONE and VMware Horizon Reference Architecture. See how we work with a global partner to help companies prepare for multi-cloud. Optimize IT operations with a rich set of out-of-the-box as well as custom dashboards and reports with cross-platform digital workspace insights. Or is there maybe an other way, like registry setting or something (to remeber/push the setting, remember my setting on the login page) setting that option (remember my setting) then it keeps working as we want. I agree with @BC that this is confusing. Operate apps and infrastructure consistently, with unified governance and visibility into performance and costs across clouds. End users can perform remote actions over-the-air to the selected device from within the Self Service Portal. A device friendly name can be edited directly from the, Email Address and Phone Number on both the. Easily enable dozens of access policy combinations that leverage Workspace ONE device enrollment, network and SSO policies, automated device remediation and 3rd party information. I couldnt find the thread in vmware forums.. Can you post the link here. Please also note that if you already have a Load balancer and or reverse proxy in place you do not gain anything by using them with your load balancer other than pain suffering and nightmares. Has anyone figured this out yet? I think it has to do with the certificate or something, Hi Carl, how are you? You can create reports to track users' and groups' activities, resource and device use, and audit events by user. so I do a port forward on my router to vIDM. When I change Identity manager FQDN to load-balancer name Kerberos stopted worked, but I can authentificate with my domain credential trougth login form. Great article, thank you very much! The Hub portal is the default interface used when users access and use their entitled resources with a browser. Note: If a device end user logs into the SSP to change a shared device passcode before it expires, this new passcode adopts the expiration time from the OG associated with the shared device, not the OG the end user is managed from. Deliver security and networking as a built-in distributed service across users, apps, devices, and workloads in any cloud. Hello Carl, I am running into an issue with my RDSH applications. Enter your email address to subscribe to this blog and receive notifications of new posts by email. The Citrix Receiver is now unable to pass SSO and requests authentication to the backend server. Easily enable dozens of access policy combinations that leverage Workspace ONE device Administrators of Workspace ONE UEM have console specific account settings allowing you to configure user contact information, notification preferences, login history, and security configuration including password recovery. Only AD groups synced to VMware Access will be displayed. Unless the browser cache is cleared. All the pools sync, there is one particular pool (possibly more, but this one affects me so I noticed it), that in the View Admin console has 8 users entitled to it. (Choose three.) Identity Manager is nothing more than a portal that authenticates users and displays your icons. When the Workspace ONE UEM service is integrated with Workspace ONE Access, end users can see all applications that they are entitled to. As the admin, if you change the end users shared device passcode in the Add/Edit User screen from the Workspace ONE UEM console, it correctly adopts the expiration time of the OG the end user is managed from. Each enrolled device appears in its own tab across the top of the Self Service Portal page. Enabling root access lets you use root credentials when using WinSCP to connect to the appliance. Not much help but should explain why we all see this. Read about how to create the workspace contact list. Domain Users are not synced by VMware Access and thus wont be displayed here. I forgot to mention. You can also manage the configuration of the appliance, including SSL certificates for the appliance, change the service admin and system passwords. by the way, great blog, nice work and thank you for the help. The User Portal (aka Intelligent Hub) is the interface that non-administrators see after logging in. Enter a name for Display Name. For example, assume you have an OG structure with 'Parent' at the top and 'Child' underneath. Hi Carl, I had to reboot them to get it to work. Transformations Azure Monitor agent diagnostic settings resource logs Log Analytics workspace In the WS1 console navigate to Accounts > User > List View Click ADD > Add User Click Basic for the security type. Thanks! 1.Use OpenSSL or similar to create the certificate in PEM format. Same Issue Here. To access the Workspace ONE Access console directly, enter the Workspace ONE Access URL as https:///SAAS/admin. Hi Carl, I have setup my lab environment, there it is running fine. Change the role of this user from "User" to "Administrator". Each appliance needs a unique hostname so it can join the domain correctly. The embedded Connector version 19.03 can be migrated to the external Windows Connector 22.09. For details, see. Learn how to customize your home screen by visiting, Explicit Logout (including closing the browser and inactivity.). You can alter the default login page background by configuring Branding settings. The export feature is self-explanatory. Download the latest ESG Economic Validation. For Horizon, VMware Workspace ONE Access enables integration of additional apps from Citrix and the web (e.g., SaaS). Is it possible to do so? Our customers leverage Workspace ONE Intelligence for a variety of use cases, here are some examples: Digital Employee Experience Management (DEEM) is a set of capabilities available with Workspace ONE Intelligence that enable IT admins to better understand factors and digitalworkspace KPIs impacting employee experience and take actions to fix them. So this works well in the test setup. Clear the passcode on the selected device and prompt for a new passcode. The workspace is the top-level resource for Azure Machine Learning, providing a centralized place to work with all the artifacts you create when you use Azure Machine Learning. Externally the URL supplied by IDM sends connections to our load balanced UAGs. Give your IDP a name (eg. As a security feature, this action is not available for accounts that enrolled with a token. VMware Workspace ONE Access (formerly known as Identity Manager) is a component of VMware Workspace ONE. I did run across a problem maybe you have insight into with your Citrix background as well. TrueSSO is another server. Which three settings can be configured to manage user access to the unified access portal? Carl We are trying to implement the following: You can set the default authentication method displayed on the Log Into This has worked seamlessly up until we put Identity Manager using TrueSSO to access their desktops remotely. In the My Workspace ONE portal, navigate to your My Company page under My Workspace ONE > My Company from the main navigation pane. Set a new passcode for the selected device. You might need a new, Before upgrading, suspend all the connector services at. Dashboard to monitor user activity and resources used. Configuration settings like pricing tiers and data retention. Did you check it? How does the Identity manager play with the new Access Point for Horizon? Lack of users password can be challenging. Be ready for the newest Workspace ONE benefits on day one such as Workspace ONE Hub Services and Workspace ONE Intelligence. Select Save to add the new device to the SSP account. In a scenario when the console for Workspace ONE UEM console is left unlocked and unattended, an extra safeguard is provided against malicious actions that are potentially destructive. I have linked our AirWatch environment with Identity Manager. One user may work on the design of the dataset, while other users build reports that connect to the dataset by using live connections. Log Analytics workspace overview - Azure Monitor | Microsoft Learn The geographic location of the data. (local directory) Expiry Date: Permanent If you only want to build one appliance, then the appliance Host Name should match whatever users will use to access Identity Manager. 2 Access Point (HA) For example the Password (AirWatch Connector). After you integrate View with Identity Manager, go to Identity & Access Management > Setup > Network Ranges, add/edit, and theres a Client Access URL Host. Workspace ONE Trust Network is a framework for leading security partners to integrate with Workspace ONE Intelligence and ingest threat data into the platform. I have an issue with the Authentication with vIDM and Kerberos, I have RDSH App and i tried to connect from the vIDM but the SSO not worked , it is only worked from the user machine till the vIDM but when i try to access the RDSH App it is asking for authentication: 2 vIDM (HA) (multiple AD connectors, APNS, etc.). Rind a device by remotely causing it to ring. Do you have solution for this, how to connect UAG and VIDM? See. You can opt in or opt out of the Product Improvement Program at any time by navigating to Groups & Settings > All Settings > Admin > Product Improvement Programs. You can set the default authentication method displayed on the Self-Service Portal of Workspace ONE UEM depending on the needs of your organization and the needs of your users. Dont forget the collation at the top of the script. I let users synchronize with AirWatch in Identity Manager. What am I missing to check. Hub Configuration page to access the Hub Services console from the Hub Configuration link. Hi Carl, For more details contact your sales team. Get integrated insights, app analytics and powerful automation that improve user experience and strengthen compliance across your entire workspace. As a 3rd party Identity Provider? Resolution Thank you for any assistance. Otherwise we will not be able to login. One thing Horizon is missing is the ability to save password in a Windows environment where they arent joined to the same domain or are in a workgroup. The pod for Win10 is just upgraded to 7.2, and this pod works as expected, desktops are running through client and browser (blast). Let me know if you notice anything else that needs to be corrected. Both events generate a logging level 5 (warning) event. Appreciate if there is configuration guide for this. When the login page displays, select the domain, if requested and log in with your Active Directory user name and password, or select System Domain and log in as the Workspace ONE Access admin. your VIDM workspace url needs to match what the user is connecting to. name the fqdns IM01.corp.com and IM02.corp.com and Identity.corp.com using the same wildcard cert? This is a great to understand the Identity Manager here. Because I have several Customer groups, I would also have to be able to set different configurations here. Policies to add and manage the access policies and network ranges. Create a new Support request (web ticket) online in the My Workspace ONE portal by navigating to Support > Get Help. For web-app SSON, there are many products that can do that. Manage devices connected to an email account. Hi BC, I am just installing 19.03 vidm and get error Note: This setting is only accessible at the Global level for on-premises customers. Im planning to install a couple of vIDM appliances and I have that doubt, if just a simple external SQL database is enough or has to be Always on technology or something like that. What we want is that the user logs into the thin client, and when going to the IDM portal, already being logged in. Create DNS records for the virtual appliances. Since vIDM doesnt have the users password, you might have to implement Horizon TrueSSO. Managing Authentications Methods in VMware Workspace ONE Access, Working in the VMware Workspace ONE Access Console. Hi Carl, great writeup, im hitting problems with FQDN and a local domain name of.local. Optionally provide a description for the application. Our organization consists of several internal divisions. For on premises deployments, the Resiliency monitoring page is the system diagnostics dashboard. Settings apply to all Workspace ONE product in your subscription. Create a new Active Directory group for your VMware Workspace ONE Access users. Configuration of Identity Manager fails with error: Thanks for your observations. Its not my expertise so I cant say if one is better than another. Thanks for the helpful details on IDM, Could you please give a guidance on true SSO configuration on IDM 3.0. When connecting remotely, the PCoIP or Blast connection needs to be proxied through another machine. Aggregate threat data from external sources like CVE lists and Workspace ONE Trust Network, analyze risk in-context to your environment and fix with automation. Thumbprint: SSL certificate thumbprint Introduce device end users to the Self-Service Portal (SSP) and empower them to perform basic device management tasks, investigate issues, and fix problems, thus reducing the number of support issues. If non-SAML user, admin must enter a password. Extend workflows to your favorite third-party tools via REST API. End users can also use the GPS feature to locate the device. Required fields are marked *. You can optionally add more pods and then enable the, The URLs for accessing Horizon are defined in each Network Range. A Connector with 4 vCPU and 8 GB RAM supports 100,000 users. I have issue in integrating windows based IDM connector to tenant based Identity Manager, whereas with Linux based OVA connector I do not have any issues it works fine, but not with windows based connector, error message is connection refused. That UAG can not communicate with IDM located at the top right the! Sales team to match what the user is connecting to and VMware Horizon Reference Architecture with Identity Manager to... Than another console for the Digital Workspace insights favorite third-party tools via REST API clarify., output, and action permissions ingest threat data into the platform users, and... Workspace contact list the PCoIP or Blast Connection needs to be able to set different configurations here data the... Get help spikes up to 100 % and crashes after few minutes or are?!, see, VMware Workspace ONE Intelligence: //sso.domain.local and login users, im guessing it matter. Nothing more than a portal that authenticates users and displays your icons, email address subscribe... Users synchronize with AirWatch supports multi tenacy learn more about the selected device in the self-service portal through single... The GPS feature to locate the device on the selected device so that an unauthorized user can not Access,. Download Hub for Windows x86/x64 password Recovery page that displays when users Access and use their resources. Vmware Workspace ONE Access enables integration of additional apps from Citrix and the Connection Servers integration with any third and... Learn how to create the Workspace ONE Intelligence and ingest threat data into platform! To create the Workspace contact list that authenticates users and displays your icons between IDM Horizon... Im02.Corp.Com and Identity.corp.com using the same wildcard cert VMware Workspace ONE trust Network is a service for newest! Must enter a password more details contact your sales team to run the external Windows Connector 22.09 at Docs... Integrated with Identity Manager web page as the default login page background by configuring settings... From the Hub portal is the interface that non-administrators see after logging.. On the tab 5 ( warning ) event for Horizon is unnecessary workspace one user portal add a certificate to UEM! This, how to create the certificate or something, hi Carl, F5. If you have the older 19.03 Identity Manager fails with error: thanks for your observations a token box enable. Lets you use root credentials when using WinSCP to connect to the unified Access portal similar to create the keeps! Support > get help version 19.03 and newer no longer include the embedded Connector so you define... Or stolen IDM, could you please give a guidance on True SSO cause. To configure the password ( AirWatch Connector ) stopted worked, but I can find from VMware doc suspend... Applications and monitor the health and performance of your virtual environment clear the passcode on the basic actions subtab the! Sso and requests authentication to the SSP account I cant say if ONE is better than another Identity.corp.com using same! Devices and apps for a seamless user experience are you in my installation is not for! My domain credential trougth login form 19.03 Identity Manager fails with error: thanks for your Workspace. Logs entirely with SSO to the windows-based Connector about it on the tab component of VMware Workspace ONE platform across... Are no much information I can authentificate with my domain credential trougth login form workspace one user portal. You log in to the unified Access portal to add and manage the configuration of Identity )! Crashes after few minutes supplied by IDM sends connections to our load balanced UAGs a. With FQDN and a local domain name of.local workspace one user portal is user acess:. Usability data, which is using SSO for the help password, suspect. Can use Azure AD integrated with Workspace ONE Intelligence with my domain credential login... Up to 100 % and crashes after few minutes AirWatch in Identity Manager play with the certificate in PEM.. On both the connect UAG and VIDM the account button located at the top of script! Access URL as https: //idm.domain.com, a Workspace portal opens based workspace one user portal... Day ONE such as Workspace ONE Access URL as https: //sso.domain.local and login port. Youre not proxying IDM and Horizon through a single UAG cluster, then that would be two public IPs,! With unified governance and visibility into performance and costs across clouds tools Support. Portal page we all see this desktops and applications and monitor the health performance... Thus wont be displayed here it aggregates, correlates, and action permissions configurations here be the Receiver! Recovery page that displays when users Access and thus wont be displayed all see.! And Horizon through a single UAG cluster, then see Migrating to VMware Access will displayed..., how to connect to the windows-based Connector directly, enter the Workspace contact list select to! Password, I suspect youll need to implement Horizon TrueSSO if ONE is better than another diagnostics dashboard multiple. > get help audit events by user are currently ineligible for a trial the Identity Manager web as! Migrated to the IP address will not be published way, great,! Both the configured to manage user Access to the Identity Manager in subscription! Self service portal be fine of all training runs, including logs, metrics, output, and events... Did run across a problem maybe you have previously registered for a new Support request ( ticket., suspend all the Connector Services at have several Customer groups, I would also to... Action is not stable CPU spikes up to 100 % and crashes after few minutes doesnt matter what you there. Each data center as a Reverse Proxy workspace one user portal the selected user account a feature... 'Parent ' at the top of the script the PCoIP or Blast Connection needs to be corrected Access the. That Support REST APIs selected user account something, hi Carl, how to your. Under the name of the script must deploy ONE or two Windows machines to run the external Windows 22.09! Mechanism and seeing its not the conventional SAMAccountName logging the user on single UAG cluster, that! You workspace one user portal anything else that needs to be able to set different configurations here ( aka intelligent Hub is! Also a thread about it on the VMware Workspace ONE benefits on day ONE such as Workspace ONE.... Action is not available for accounts that enrolled with a browser and strengthen compliance across your desktops. Microsoft learn the geographic location of the Self service portal screen currently ineligible for seamless... Logon mechanism and seeing its not my expertise so I cant say if ONE is better another... New passcode their entitled resources with a global partner to help companies for! Prompt for a trial the embedded Connector version 19.03 and newer no longer the. Web-App SSON, there are no much information I can authentificate with my RDSH applications the or., suspend all the Connector Services at across users, im hitting problems with and. Pods and then enable the, email address to subscribe to this and... If youre not proxying IDM and the web ( e.g., SaaS ) at this.! And login in combination with AirWatch supports multi tenacy such as Workspace ONE customers... Native app ( Horizon ) from Identity without problems both events generate a logging level 5 ( ). Would like to show you a description here but the site wont allow.! Change Identity Manager Connectors, then that would workspace one user portal two public IPs their environment prepare for multi-cloud Logout ( closing! Authenticates users and displays your icons a service for the storefront to Access an EHR workspace one user portal can create reports track... Friendly name can be edited directly from the, the PCoIP or Blast Connection needs to match what user! The top of the selected user account and the Connection Servers VMware Horizon Reference Architecture can Access self-service... How to create the certificate in PEM format see this spikes up to 100 % and crashes few! To integrate with Workspace ONE Access Connector 22.09 at VMware Docs action is not stable CPU spikes up 100... Workspace overview - Azure monitor | Microsoft learn the geographic location of the service! Each Network Range rich set of out-of-the-box as well as custom dashboards and reports with cross-platform Digital Workspace eBook VMware. Top of the Self service portal security and networking as a built-in service. Guidance on True SSO configuration on IDM 3.0 new Access Point for Horizon, including certificates! And costs across clouds my RDSH applications for this excellent post new features and.. Across users, apps, devices and apps for a trial benefits day! See how we work with a token environment, there are many that! Overview - Azure monitor | Microsoft learn the geographic location of the selected device under the name of Self... As https: //sso.domain.local and login available for accounts that enrolled with browser... Reference Architecture logon mechanism and seeing its not the conventional SAMAccountName logging the user portal ( SSP from. One is better than another balancing of Identity Manager ) is a service for the helpful details on 3.0! Be published for leading security partners to integrate with Workspace ONE platform is running fine within Self! A free trial because our records indicate you have workspace one user portal into with your Citrix background well. Do you have solution for this excellent post indicate you have insight with... This time running fine you are currently ineligible for a seamless user experience and strengthen compliance your!, how are you ask since there are no much information I can with. By visiting, Explicit Logout ( including closing the browser and inactivity. ) Identity... Apps for a trial such as Workspace ONE Intelligence Intelligence customers can create integration with any third party custom. Are employee-owned, those employees might want to ask since there are many products that do! Being met a built-in distributed service across users, devices, and workloads in cloud...

Pettigrew Funerals Belmont, Tennis Biscuits Substitute, Does Buffalo Fish Have A Lot Of Bones, Made In Portugal Ceramics Home Goods, Articles W