Active Directory (AD)/Lightweight Directory Access Protocol (LDAP) authentication is used to integrate user and admin accounts of AirWatch with existing corporate accounts.

Pros

  • End users now authenticate with existing corporate credentials.
  • Secure method of integrating with LDAP / AD.
  • Standard integration practice.
  • Can be used for Workspace ONE Direct Enrollment.

Cons

  • Requires an AD or other LDAP server.

[Figure: AD/LDAP Authentication]

  1. The device connects to AirWatch MDM to enroll. The user enters their directory services user name and password.
    • User name and password are encrypted during transport.
    • AirWatch does not store the user's directory services password.
  2. AirWatch queries the client's directory services through a secure LDAP protocol over the Internet using a service account for authentication.
  3. The user's credentials are validated against the corporate directory service.
  4. If the user credentials are valid, the AirWatch server allows the device to complete a device enrollment.
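
The sketch below walks through steps 2 to 4 as an added example; it is not AirWatch code. It assumes step 3 uses the common LDAP search-then-bind pattern, and `FakeDirectory`, the DNs and the passwords are constructed stand-ins for a real LDAPS connection so the flow runs offline.

```python
import re

# Added illustration, not AirWatch code. Assumption: step 3 uses the common
# LDAP "search-then-bind" pattern. FakeDirectory is a constructed in-memory
# stand-in for an LDAPS connection so the flow runs offline.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """RFC 4515 escaping: user input can never change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

class FakeDirectory:
    def __init__(self, entries):          # {dn: (sAMAccountName, password)}
        self.entries = entries

    def bind(self, dn, password):
        if dn in self.entries and password == "":
            return True                   # mimics a server allowing unauthenticated binds
        return dn in self.entries and self.entries[dn][1] == password

    def search(self, ldap_filter):        # supports only (sAMAccountName=<value>)
        value = ldap_filter[len("(sAMAccountName="):-1]
        if value == "*":                  # an unescaped wildcard matches every entry
            return sorted(self.entries)
        name = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
        return [dn for dn, (sam, _) in self.entries.items() if sam == name]

def authenticate(directory, svc_dn, svc_password, username, password):
    # An empty password would become an unauthenticated bind (RFC 4513, 5.1.2),
    # which "succeeds" without proving anything, so reject it up front.
    if not username or not password:
        return False
    if not directory.bind(svc_dn, svc_password):            # step 2: service account
        raise RuntimeError("service account bind failed")
    matches = directory.search("(sAMAccountName=%s)" % escape_filter_value(username))
    if len(matches) != 1:                                   # unknown or ambiguous user
        return False
    return directory.bind(matches[0], password)             # step 3: bind as the user

# Constructed sample directory (all values are made up for this example).
SVC_DN = "CN=svc-mdm,OU=Service,DC=example,DC=com"
USER_DN = "CN=Jane Doe,OU=Users,DC=example,DC=com"
DIRECTORY = FakeDirectory({SVC_DN: ("svc-mdm", "svc-secret"),
                           USER_DN: ("jdoe", "Corr3ct-horse")})
```

The user's password is passed straight to the bind and never persisted, matching the note under step 1; enrollment (step 4) proceeds only when `authenticate` returns `True`.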

For more information, see Workspace ONE Direct Enrollment.