AirWatch integrates with your organization's existing directory service – such as Active Directory, Lotus Domino, and Novell e-Directory – to provide directory-based account access. This type of account access lets users authenticate with AirWatch apps and enroll devices using their existing directory service credentials.
Integrating with directory services eliminates the need to create basic user accounts in your organization. Such integration can also help simplify the enrollment process for end users by applying information they already know.
Ongoing LDAP synchronization detects any changes within the system. This synchronization performs necessary updates across all devices for affected users. In cases where administrative approval is required before changes occur, this synchronization obtains such approval.
You may also migrate Basic Users to LDAP Users, checking against existing directory users. For more information, please see the Migrating Basic users to Directory (AD) users KB article: https://support.air-watch.com/solutions/1859.
Integrating AirWatch with your directory service provides many benefits.
- Conduct enrollment for both users and administrators.
- Map directory groups to AirWatch user groups.
- Control AirWatch Console access.
- Apply existing credentials for VMware Content Locker access.
- Assign apps, profiles, and policies by user group.
- Automatically retire end users when they go inactive.
The following sections explain how to integrate your AirWatch environment with your directory service of choice, how to add directory user accounts to AirWatch, and how to integrate user groups in AirWatch.
Requirements, Setup, and User Integration
Learn about which Lightweight Directory Access Protocol (LDAP)-based directory services you need, which ports to use, and what organization group to designate as the root. For more information, see Requirements for Directory Services.
The Directory Services page in system settings enables you to integrate AirWatch with your organization's domain controller. Security Assertion Markup Language (SAML) settings can also be configured on this page. For more information, see Directory Services Setup Overview.
Provide everyone in your organization with an AirWatch account (required if users intend to use an AirWatch managed device) by integrating your directory users. For more information, see Directory Service User Integration Overview.
Directory User Group Integrations
If you have user groups in your Active Directory structure, you can create the same user groups in AirWatch. Enable integrated updates so that when you change your Active Directory user group assignments, the same changes are made in AirWatch. For more information, see Directory User Group Integration Overview.