VMware Identity Manager with Directory Services

by | Apr 16, 2022 | MDM, VMware Workspace ONE

Use VMware Identity Manager together with Workspace ONE UEM to consolidate your organization's recommended web apps and native mobile apps into a unified application catalog. Note the direction of the integration: this feature does not enable Workspace ONE UEM to receive directory changes from Identity Manager; directory information flows from Workspace ONE UEM to Identity Manager. After the directory integration settings are configured between the Workspace ONE UEM instance and VMware Identity Manager, end users sign in once with Workspace ONE, and single sign-on gives them access to all the apps available to the organization without signing in to each one.

Requirements

Complete the following before integrating directory services with VMware Identity Manager:

  • The VMware Enterprise Systems Connector is installed and configured with your Workspace ONE UEM environment.
  • Directory service integration is set up and configured for the selected organization group itself, not inherited from a parent organization group.
  • The End User License Agreement (EULA) has been accepted in the VMware Identity Manager console. The EULA is shown when the admin first opens the console.

Synchronization Between Workspace ONE UEM and VMware Identity Manager

Directory information is synchronized between Workspace ONE UEM and VMware Identity Manager on the same schedule as the Workspace ONE UEM directory sync. Users that an administrator adds manually or through a bulk import are also synced to VMware Identity Manager immediately.

The integration also supports Just-in-Time (JIT) provisioning: a user who already has a directory account is synced to VMware Identity Manager automatically the first time they log in through an enrollment or self-service portal. No manual synchronization is needed to add a single user to VMware Identity Manager right away.

Manage the Directory Services Integration with VMware Identity Manager

After the directory settings are bound between Workspace ONE UEM and Identity Manager, the admin can perform several management actions from the settings page. Go to Groups & Settings, navigate to All Settings, go to System, select Enterprise Integration, click VMware Identity Manager, and select Configuration.

On the settings page, the admin can perform the following actions:

  • Edit: change the VMware Identity Manager configuration for directory services.
  • Delete: remove the configuration.
  • Sync Now: start a synchronization of the directory services structures with VMware Identity Manager on demand.

Integrate VMware Identity Manager with Directory Services

Use VMware Identity Manager together with Workspace ONE UEM to consolidate your organization's recommended web apps and native mobile apps into a unified application catalog. This feature does not enable Workspace ONE UEM to receive directory changes from Identity Manager. Use the following steps to configure the server-related settings.

  1. Go to Groups & Settings, navigate to All Settings, go to System, select Enterprise Integration, click VMware Identity Manager, and select Configuration.
  2. Provide the server information.
  • URL: Enter the URL of your VMware Identity Manager tenant to bind it to Workspace ONE UEM. A valid VMware Identity Manager license is required.
  • Admin Username: Enter the administrator user name. This value is case-sensitive.
  • Admin Password: Enter the administrator password. This value is case-sensitive.
  3. Select Test Connection to verify that connectivity is established.
  4. Select Next to save the settings and move on to the next configuration screen.
  • Directory: Workspace ONE UEM imports the directory name from its existing directory configuration. Provide the same directory credentials that VMware Identity Manager uses.
  • Enable Custom Mapping: Enable custom mapping to map the directory integration in Workspace ONE UEM to the attributes VMware Identity Manager expects, so the two stay in sync.

Most directory service configurations use Standard mapping. Custom mapping is for customers who have a customized configuration between a directory service and Workspace ONE UEM, or an otherwise non-standard directory service, and need to map the directory's database values to attributes themselves.

  • External: Identifies a user's source when multiple users have the same user name.
  • Password: The directory services user's password.
  • UserStore: The name of the user store to which the user belongs.
  • Disabled: Indicates whether the directory account is disabled.
  • DistinguishedName: Select the directory services user's distinguished name from the drop-down list.
  • Domain: Select the domain name from the drop-down list.
  • Email: The directory service user's email address.

The email address mapped to this attribute must be the same email address that was used in the original configuration between Workspace ONE UEM and directory services. Otherwise the user's account does not sync correctly.

  • EmployeeID: Select the employee ID from the drop-down list.
  • First name*: The directory service user's first name.
  • Last name*: The directory service user's last name.
  • Phone: The directory service user's phone number.
  • Roles: Select the default role for the directory service user.
  • User name*: The user name in directory services.
  • UserPrincipalName: Select the directory services user's user principal name from the drop-down list.

* Required for both Standard and Custom attribute mapping. The attributes shown here are the default mapping settings; the admin can add more attributes.

  5. Click Save to save the configuration, then refresh the page. The Summary page shows all the details.
  6. Select Sync Now to start a synchronization of the directory services structures with VMware Identity Manager.
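As an added example (not code from this article or from VMware) of the checks worth running before you click Sync Now, the Python script below applies a custom attribute mapping to a few constructed directory records and flags the three things the procedure above warns about: a required attribute (First name, Last name, User name) left unmapped, duplicate user names that need External to tell them apart, and an Email value that differs from the one Workspace ONE UEM already holds from its original directory configuration. The Active Directory attribute names, the choice of the domain as the External source, the SAMPLE_RECORDS and the UEM_EMAILS table are all assumptions; the Disabled attribute is derived from bit 0x2 (ACCOUNTDISABLE) of userAccountControl, which is how Active Directory marks a disabled account.

```python
"""Pre-sync checks for a custom attribute mapping between Workspace ONE UEM
and VMware Identity Manager.  Added example, not VMware code.  Assumptions
not taken from the article: the AD attribute names in CUSTOM_MAPPING, using
the domain as the External source, SAMPLE_RECORDS and UEM_EMAILS."""

# Starred attributes above: required for both Standard and Custom mapping.
REQUIRED = ("FirstName", "LastName", "UserName")

ACCOUNTDISABLE = 0x2  # Active Directory userAccountControl flag for a disabled account

# Identity Manager attribute -> directory attribute (AD names are an assumption).
CUSTOM_MAPPING = {
    "UserName": "sAMAccountName",
    "FirstName": "givenName",
    "LastName": "sn",
    "Email": "mail",
    "UserPrincipalName": "userPrincipalName",
    "DistinguishedName": "distinguishedName",
    "Domain": "domain",
    "External": "domain",  # assumption: the domain identifies the user's source
}

# Constructed directory records: two accounts share the user name "jdoe".
SAMPLE_RECORDS = [
    {"sAMAccountName": "jdoe", "givenName": "Jane", "sn": "Doe",
     "mail": "jane.doe@corp.example", "userPrincipalName": "jdoe@corp.example",
     "distinguishedName": "CN=Jane Doe,OU=Users,DC=corp,DC=example",
     "domain": "corp.example", "userAccountControl": 512},
    {"sAMAccountName": "jdoe", "givenName": "John", "sn": "Doe",
     "mail": "john.doe@eu.corp.example", "userPrincipalName": "jdoe@eu.corp.example",
     "distinguishedName": "CN=John Doe,OU=Users,DC=eu,DC=corp,DC=example",
     "domain": "eu.corp.example", "userAccountControl": 514},  # 512 | ACCOUNTDISABLE
    {"sAMAccountName": "asmith", "givenName": "Alice", "sn": "Smith",
     "mail": "a.smith@corp.example", "userPrincipalName": "asmith@corp.example",
     "distinguishedName": "CN=Alice Smith,OU=Users,DC=corp,DC=example",
     "domain": "corp.example", "userAccountControl": 512},
]

# Constructed: the e-mail Workspace ONE UEM recorded for each user in its
# original directory configuration, keyed by user principal name.
UEM_EMAILS = {
    "jdoe@corp.example": "jane.doe@corp.example",
    "jdoe@eu.corp.example": "john.doe@eu.corp.example",
    "asmith@corp.example": "alice.smith@corp.example",  # differs from AD "mail"
}


def missing_required(mapping):
    """Required Identity Manager attributes that the mapping leaves unmapped."""
    return [attr for attr in REQUIRED if not mapping.get(attr)]


def map_user(record, mapping):
    """Project one directory record onto the Identity Manager attributes."""
    user = {idm_attr: record.get(dir_attr) for idm_attr, dir_attr in mapping.items()}
    # Disabled is derived from the AD flag bit rather than copied verbatim.
    user["Disabled"] = bool(record.get("userAccountControl", 0) & ACCOUNTDISABLE)
    return user


def username_collisions(users):
    """User names held by more than one account, with each account's External source."""
    sources = {}
    for user in users:
        sources.setdefault(user.get("UserName"), []).append(user.get("External"))
    return {name: srcs for name, srcs in sources.items() if len(srcs) > 1}


def email_mismatches(users, uem_emails):
    """Users whose mapped Email differs from the one UEM already holds (sync breaks)."""
    bad = []
    for user in users:
        upn = user.get("UserPrincipalName")
        known = uem_emails.get(upn)
        if known and (user.get("Email") or "").lower() != known.lower():
            bad.append(upn)
    return bad


def preflight(records=SAMPLE_RECORDS, mapping=CUSTOM_MAPPING, uem_emails=UEM_EMAILS):
    """Run all checks; an empty "problems" list means the mapping is safe to sync."""
    users = [map_user(rec, mapping) for rec in records]
    report = {
        "missing_required": missing_required(mapping),
        "collisions": username_collisions(users),
        "email_mismatches": email_mismatches(users, uem_emails),
        "disabled": [u.get("UserPrincipalName") for u in users if u["Disabled"]],
    }
    problems = report["missing_required"] + report["email_mismatches"]
    if report["collisions"] and not mapping.get("External"):
        problems.append("duplicate user names but External is unmapped")
    report["problems"] = problems
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(preflight(), indent=2))
```

Run it as-is and the report flags asmith, whose directory mail attribute no longer matches the address UEM recorded, while the two jdoe accounts pass because External (here, the domain) distinguishes them; drop External from the mapping and the same records produce the "duplicate user names" problem instead. Substitute an export of your own directory records and the addresses from the Workspace ONE UEM user list for the constructed tables.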

Enable and Export AirWatch Certificate Authority

When VMware Identity Manager is enabled in Workspace ONE UEM, the admin can generate the AirWatch issuer root certificate and export it for use with Mobile SSO for iOS authentication on managed iOS 9 devices. VMware Identity Manager uses this root to validate the certificates that Workspace ONE UEM issues to those devices.

  1. Go to Groups & Settings, navigate to All Settings, go to System, select Enterprise Integration, click VMware Identity Manager, and select Configuration. The organization group must be of type Customer to enable the AirWatch Certificate Authority; to view or change the group type, go to Groups & Settings, navigate to Groups, go to Organization Groups, and click Organization Group Details.
  2. Click Enable in the Certificate section. The issuer root certificate details are displayed there.
  3. Click Export and save the file.
