The Enterprise Connector & Directory setup wizard walks you through the steps to set up the VMware Enterprise Systems Connector to allow the components of Workspace ONE, AirWatch, and VMware Identity Manager to communicate with your Active Directory.

About this task

Installing the full VMware Enterprise Systems Connector, including the identity manager component, is the recommended configuration. The VMware Identity Manager service uses the identity management directory synchronization channel in the connector, instead of the AirWatch's ACC channel. This option provides the best compatibility with advanced active directory environments.

Note:

VMware Enterprise System Connector configuration is always required for SaaS customers. On-premises customers might require this connector depending on their network architecture. Consult the VMware AirWatch Reference Architecture guide for recommendations and more information.

Prerequisites

To install the Enterprise System Connector, the following is required. See the VMware Enterprise Systems Connector Installation and Configuration guide for prerequisites and other detailed information.

  • Secure Channel Certificate installed to establish security between AWCM and AirWatch Console, Device Services, API, and the Self-service Portal

  • Log in to the VMware Identity Manager admin console as the local administrator and generate an activation code.

    1. Go to the Identity & Access Management > Setup tab.

    2. On the Connectors page, click Add Connector. Enter the name for the connector.

    3. Click Generate Activation Code.

    4. Copy the activation code and save it to use when you set up the connector.

Procedure

  1. Log into the AirWatch console with the admin password. If necessary, create a password.
  2. Accept the terms of use and set up the password recovery questions and security PIN.
  3. For on-premises deployments, either create or select the customer-level organization group to run the wizard.

    The customer-level organization group is the only level where the Getting Started wizard is available.

  4. Select Getting Started > Workspace ONE.
  5. In the Enterprise Connector & Directory section, click Configure.
  6. To download the VMware Enterprise Systems Connector, create a password and click Download VMware Enterprise Systems Connector Installer.

    To install the AirWatch ACC channel, click Skip and complete the ACC directory setup. See Creating ACC Active Directory.

  7. Run the VMware Enterprise Systems Connector installer. Review the install shield wizard steps.
  8. After the installation of the connector is finished, click Test Connection.
  9. Click Continue.

    The Settings > Enterprise Integration > Directory Services page is displayed.

  10. If asked, select Add Active Directory over LDAP/IWA.
  11. Enter the Active Directory server details.

    Option

    Description

    Directory Name

    Add a name to identify this directory.

    Directory Type

    Select Active Directory over LDAP.

    Directory Sync and Authentication

    Select the connector you installed. This connector syncs with Active Directory.

    Authentication is set to Yes.

    The Directory Search Attribute is usually set to sAMAccountName.

    Server Location

    Select this box to use the DNS Service Location records to locate the Active Directory domains. If you do not use DNS Service Location lookup, deselect the check box and enter the Active Directory server host name and port. The default port number is 389.

    Certificates

    If your Active Directory requires STARTTLS encryption, select the check box below and provide the Root CA certificate.

    Note:

    If the Active Directory requires STARTTLS and you do not provide the certificate, you cannot create the directory.

    Bind User Details

    Base DN Enter the DN from which to start account searches. For example, OU=myUnit,DC=myCorp,DC=com.

    Bind DN Enter the account that can search for users. For example, CN=binduser,OU=myUnit,DC=myCorp,DC=com.

    Bind DN Password Enter the bind account password. Using a Bind DN user account with a non-expiring password is recommended.

  12. Click Test Connection to verify connectivity.
  13. Click Save.

What to do next

For directory service with VMware Identity Manger, review the user attributes that sync from Active Directory and select groups and users to sync.

  • Go to the VMware Identity Manager admin console, Identity & Access Management page, Setup > User Attributes to verify users and group attributes.

  • To manage the sync settings including adding users and groups, go to the Manage > Directories page and select the directory's Sync Settings view.

Run the Mobile Single Sign wizard to configure mobile SSO for iOS, Android, and Windows 10 devices.