The authentication proxy delivers directory services integration across the cloud or across hardened internal networks. In this model, the AirWatch MDM server communicates with a publicly facing Web server or an Exchange ActiveSync Server. This arrangement authenticates users against the domain controller.


  • Offers a secure method to proxy integration with AD/LDAP across the cloud.
  • End users can authenticate with existing corporate credentials.
  • Lightweight module that requires minimal configuration.


  • Requires a public facing Web server or an Exchange ActiveSync server which ties into an AD/LDAP server.
  • Only feasible for specific architecture layouts.
  • Much less robust solution than VMware Enterprise Systems Connector.


  1. Device connects to AirWatch to enroll device. User enters their directory services user name and password.
    • User name and password are encrypted during transport.
    • AirWatch does not store the user's directory services password.
  2. AirWatch relays the user name and password to a configured Authentication Proxy endpoint that requires authentication (for example, Basic Authentication).
  3. The user's credentials are validated against the corporate directory services.
  4. If the user credentials are valid, the AirWatch server allows the device to complete a device enrollment.