To provide directory-based account access, Workspace ONE UEM Powered by AirWatch integrates with the organization’s existing directory services, such as Lotus Domino, Active Directory, and Novell e-Directory. With this type of account access, users can authenticate to Workspace ONE UEM apps and enroll devices using their existing directory service credentials.
Integrating with the organization's directory services eliminates the need to create basic user accounts. It can also simplify the enrollment process, because end users sign in with information they already know.
Ongoing LDAP synchronization detects any changes within the system and performs the necessary updates across all devices for affected users. In cases where administrative approval is required before changes occur, the synchronization obtains that approval. The admin may also migrate Basic Users to LDAP Users by checking them against existing directory users.
Integrating Workspace ONE UEM with the directory service offers many benefits:
- For both users and administrators, enrollment can be conducted
- Directory groups can be mapped to Workspace ONE UEM user groups.
- UEM console access is controlled.
- For VMware Content Locker access, apply existing credentials.
- Assign profiles, apps, and policies by user group.
- Automatically retire end users when they go inactive.
The following sections detail how to integrate the Workspace ONE UEM environment with the directory service of choice, how to integrate user groups in Workspace ONE UEM, and how to add directory user accounts to Workspace ONE UEM.
Requirements, Setup, and User Integration
Workspace ONE UEM supports integration with the following directory services based on the Lightweight Directory Access Protocol (LDAP):
- Microsoft Active Directory (functional level 2016, 2012, or 2008)
- Novell e-Directory
- Lotus Domino
The default port for unencrypted LDAP communication is 389. Software as a Service (SaaS) environments can use SSL-encrypted traffic on port 636.
Ensure that the Directory Sync Service and the Scheduler Service run on the same server, since they read from and write to the same queues.
To manage devices and users, the admin must designate an existing organization group (OG) as the primary root OG.
In Workspace ONE UEM, directory services (and VMware Enterprise Systems Connector, when used) must be enabled at the level of this root OG.
Directory User Group Integrations
If the admin has user groups in their directory structure, they can create the same user groups in Workspace ONE UEM. Enable integrated updates so that when the admin changes the Active Directory user group assignments, the same changes are made in Workspace ONE UEM.