If you have a directory services infrastructure such as Active Directory (AD), Lotus Domino, and Novell e-Directory, you can apply existing users and groups in AirWatch.

If you do not have an existing directory services infrastructure or you choose not to integrate with it, you must perform Basic Enrollment. Basic enrollment means manually creating AirWatch user accounts.

Note:

While AirWatch supports a mix of both Basic and Directory-based users, you typically use one or the other for the initial enrollment of users and devices.

Pros and Cons

  Pros Cons

Basic Enrollment

  • Can be used for any deployment method.
  • Requires no technical integration.
  • Requires no enterprise infrastructure.
  • Credentials only exist in AirWatch and do not necessarily match existing corporate credentials.
  • Offers no federated security.
  • Single sign on not supported.
  • AirWatch stores all usernames and passwords.

Directory Service Enrollment

  • End users authenticate with existing corporate credentials.
  • Can automatically detect and sync changes from the directory system into AirWatch.
  • Secure method of integrating with your existing directory service.
  • Standard integration practice.
  • SaaS deployments using the VMware Enterprise Systems Connector require no firewall changes and offers a secure configuration to other infrastructures, such as Microsoft ADCS, SCEP, and SMTP servers.
  • Requires an existing directory service infrastructure.
  • SaaS deployments require additional configuration due to the VMware Enterprise Systems Connector being installed behind the firewall or in a DMZ.