To enable identity and access management in the SDDC, you integrate your Active Directory with the clustered Workspace ONE Access instance and configure attributes to synchronize users and groups.
- In a web browser, log in to the administration interface of the clustered Workspace ONE Access instance (https://<wsa_cluster_fqdn>/admin) as the configadmin user of the System Domain.
- On the main navigation bar, click Identity and access management.
- Click the Directories tab, and from the Add directory drop-down menu, select Add Active Directory over LDAP/IWA.
- On the Add directory page, configure the following settings, click Test connection, and then click Save and next.

| Setting | Value |
| --- | --- |
| Directory name | Enter a name for the directory. For example, sfo.rainpole.io. |
| Directory type | Active Directory over LDAP |
| Connector | Select the FQDN of vidm-primary. |
| Do you want this connector to also perform authentication? | |
| Directory search attribute | |
| This Directory requires all connections to use STARTTLS (Optional) | If you want to secure communication between Workspace ONE Access and Active Directory, select this option and paste the Root CA certificate in the SSL Certificate box. |
| Base DN | Enter the Base Distinguished Name from which to start user searches. For example, cn=Users,dc=sfo,dc=rainpole,dc=io. |
| Bind user DN | Enter the DN of the user that connects to Active Directory. For example, cn=svc-wsa-ad,ou=Service Accounts,dc=sfo,dc=rainpole,dc=io. |
| Bind user password | Enter the password for the Bind user. For example, svc-wsa-ad_password. |
- On the Select the domains page, review the domain name and click Next.
- On the Map user attributes page, review the attribute mappings and click Next.
- On the Select the groups (users) you want to sync page, enter the distinguished name of the container that holds your groups (for example, OU=Security Groups,DC=sfo,DC=rainpole,DC=io) and click Select.
- For each Group DN that you want to include, select the group that the clustered Workspace ONE Access instance uses for each role, and click Save and then Next. Role assignments (Role, Assigned via Group) are configured for the following products:
  - Workspace ONE Access
  - vRealize Suite Lifecycle Manager
- On the Select the Users you would like to sync page, enter the distinguished name of the container that holds your users (for example, OU=Users,DC=sfo,DC=rainpole,DC=io) and click Next.
- On the Review page, click Edit, select Every 15 minutes from the Sync frequency drop-down menu, and click Save.
- To initialize the directory import, click Sync directory.
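Before the bind credentials are stored in Workspace ONE Access, it is worth checking that the Base DN, Bind user DN and the group and user search containers all belong to the same domain and have the shape the connector expects, and that the bind itself works over STARTTLS with the Root CA you intend to paste in. The script below is an added example, not VMware's code and not part of the page above: it parses the RFC 4514 DNs from this page's examples (the sample values are constructed from those examples), reports inconsistencies, and builds the `ldapsearch` command for a manual STARTTLS bind test. The hostname and `root-ca.pem` path are placeholders.

```python
"""Pre-flight checks for the DNs entered on the Workspace ONE Access
'Add directory' page (added example, not VMware's code)."""
from typing import List, Tuple

# Constructed sample values, taken from the examples in the procedure above.
BASE_DN = "cn=Users,dc=sfo,dc=rainpole,dc=io"
BIND_DN = "cn=svc-wsa-ad,ou=Service Accounts,dc=sfo,dc=rainpole,dc=io"
GROUP_DN = "OU=Security Groups,DC=sfo,DC=rainpole,DC=io"
USER_DN = "OU=Users,DC=sfo,DC=rainpole,DC=io"

RDN = Tuple[str, str]


def _split_rdn(rdn: str) -> RDN:
    """Split 'attr=value' into a (lower-cased attr, value) pair."""
    if "=" not in rdn:
        raise ValueError(f"RDN without '=': {rdn!r}")
    attr, value = rdn.split("=", 1)
    attr, value = attr.strip().lower(), value.strip()
    if not attr or not value:
        raise ValueError(f"empty attribute or value in RDN {rdn!r}")
    return attr, value


def parse_dn(dn: str) -> List[RDN]:
    """Parse an RFC 4514 DN into its RDNs, left to right.

    Backslash escapes are honoured, so a comma inside a value
    (e.g. 'cn=Smith\\, John') does not split the RDN. Attribute types
    are lower-cased because Active Directory matches them case-insensitively.
    Multi-valued RDNs ('+') are kept as part of the value."""
    rdns: List[RDN] = []
    buf: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            rdns.append(_split_rdn("".join(buf)))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append(_split_rdn("".join(buf)))
    return rdns


def domain_suffix(dn: str) -> List[str]:
    """Return the trailing dc= components of a DN, e.g. ['sfo', 'rainpole', 'io']."""
    dcs: List[str] = []
    for attr, value in reversed(parse_dn(dn)):
        if attr != "dc":
            break
        dcs.append(value.lower())
    return list(reversed(dcs))


def check_directory_dns(base_dn: str, bind_dn: str, group_dn: str, user_dn: str) -> List[str]:
    """Return a list of findings; an empty list means the values are consistent."""
    findings: List[str] = []
    suffix = domain_suffix(base_dn)
    if not suffix:
        findings.append("Base DN has no dc= components")
    domain = ".".join(suffix)
    # Every DN entered on the page must live in the same AD domain as the Base DN.
    for label, dn in (("Bind user DN", bind_dn), ("Group DN", group_dn), ("User DN", user_dn)):
        if domain_suffix(dn) != suffix:
            findings.append(f"{label} is outside the Base DN domain {domain}")
    # The bind account is a leaf object (cn=...), not a container.
    if parse_dn(bind_dn)[0][0] != "cn":
        findings.append("Bind user DN does not start with cn=")
    # The sync scopes are containers (OU or CN), so only that subtree is imported.
    for label, dn in (("Group DN", group_dn), ("User DN", user_dn)):
        if parse_dn(dn)[0][0] not in ("ou", "cn"):
            findings.append(f"{label} does not start with ou= or cn=")
    return findings


def ldapsearch_command(host: str, bind_dn: str, base_dn: str, ca_file: str = "root-ca.pem") -> str:
    """Build an ldapsearch invocation for a manual bind test.

    -ZZ makes STARTTLS mandatory, and LDAPTLS_REQCERT=demand rejects a server
    certificate that does not chain to the Root CA in ca_file, mirroring the
    STARTTLS option on the Add directory page. Host and CA path are placeholders."""
    return (
        f"LDAPTLS_CACERT={ca_file} LDAPTLS_REQCERT=demand "
        f"ldapsearch -ZZ -H ldap://{host} -D '{bind_dn}' -W "
        f"-b '{base_dn}' -s base '(objectClass=*)' dn"
    )


if __name__ == "__main__":
    for finding in check_directory_dns(BASE_DN, BIND_DN, GROUP_DN, USER_DN) or ["DNs are consistent"]:
        print(finding)
    print(ldapsearch_command("dc01.sfo.rainpole.io", BIND_DN, BASE_DN))
```

Run the printed `ldapsearch` command from a host that can reach the domain controller; a successful base-scope search confirms the bind DN, password and STARTTLS chain before you click Test connection, and a certificate error at this step points at the Root CA rather than at Workspace ONE Access.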