You can integrate your enterprise directory with VMware Identity Manager to sync users and groups to the VMware Workspace ONE Access service. Updates that you make to the directory configuration from VMware Aria Suite Lifecycle are reflected in VMware Workspace ONE Access.
You can create, read, update, and delete directories in VMware Workspace ONE Access.
VMware Aria Suite Lifecycle uses the terms VMware Workspace ONE Access and VMware Identity Manager interchangeably.
- Directories - You can create and manage Active Directories on VMware Aria Suite Lifecycle. You can create one or more directories and sync them with the corresponding enterprise directories. When you view a directory, you can check its sync logs and sync alerts in addition to the basic directory metadata. When you edit a directory, you can update the mapped attributes and the user and group DNs. You can delete a directory configuration from VMware Aria Suite Lifecycle.
- User Attribute Definitions - The user attributes list shows the default user attributes that sync in the directory. You can add other attributes and map them to Active Directory attributes.
Supported directories
- Active Directory over LDAP - Create this directory type if you plan to connect to a single Active Directory domain environment.
- Active Directory, Integrated Windows Authentication - Create this directory type if you plan to connect to a multi-domain or multi-forest Active Directory environment.
- Secure LDAP
Note: For a FIPS-enabled VMware Workspace ONE Access, the bind password must be fourteen characters long.
- Create a directory of the same type as your enterprise directory and specify the connection details.
- Map the VMware Workspace ONE Access attributes to attributes used in your Active Directory or LDAP directory.
- Specify the users and groups to sync.
- Sync users and groups.
After you integrate your enterprise directory and perform the initial sync, you can update the configuration and resync at any time.
Configuring user attribute definitions
When you use VMware Aria Suite Lifecycle to configure a directory to sync with Active Directory, specify the user attributes.
Before you configure the directory, specify all required default attributes. You can also add and map additional attributes for the Active Directory.
You can change a default attribute from required to non-required, or mark an attribute as required, only if no directories have been created. After directories are created and synced, these settings cannot be changed.
You can mark attributes as required or non-required before adding any directory on the directories page. When you add new custom attributes after directories are created, you must edit the directory and update the directory attribute mapping to map them. The change takes effect the next time that the directory is synced to Active Directory.