To provide role-based access control and identity services to the SDDC, you deploy a standalone Workspace ONE Access instance and integrate it with all NSX Manager instances.


  • Verify that the VMware Workspace ONE Access OVA file is available.

  • Verify that there is enough free storage on the vSAN datastore (Required storage: 5.2 GB)

  • Verify that a signed certificate, generated by the CertGenVVS utility (see, is available for the standalone Workspace ONE Access instance.

  • Verify you have access to the Active Directory root certificate file if using Active Directory over LDAPS.

  • Verify that the domain user to be used as the bind account in Active Directory, with read-only access permission to the base DN for users and groups, is created and configured.

  • Verify that all necessary security groups in Active Directory for each Workspace ONE Access role you assign access to are created and configured.