You can modify your initial Active Directory setup or add a new directory to sync groups and users.

From the Enterprise Federation dashboard in your Management Organization, you can:
  • Ensure groups and users from your Active Directory are synced regularly for federation with VMware Cloud Services by configuring the desired sync frequency.
  • Reduce risk of errors during directory syncs you set safeguards that limit the number of changes that can be made to users and groups. By default, there are no pre-set safeguards to your federation setup.
  • Modify the mapping of the attributes from your directory services to the attributes that are configured to sync with the hosted Workspace ONE Access tenant.
  • Add multiple directories for group and user sync with your federated domains.

Prerequisites

To make changes to the initial federation setup, you must be logged in the Management Organization for your enterprise as an Enterprise Administrator.

Procedure

  1. In the Cloud Services Console, click Enterprise Federation.
    The Enterprise Federation dashboard displays.
  2. Do one of the following:
    To Do this:
    Add a new directory.
    1. In the Directories section of the Enterprise Federation dashboard, click Add Directory.
    2. Follow the prompts in the Add a Directory workflow that opens.

      The steps for adding a new directory to your enterprise setup are the same as those you followed in the initial setup. For more information, refer to Step 3: Add Groups and Users.

      After completing the workflow, the synced new directory appears in the Directories section of the dashboard.
    Change the sync frequency of a directory.
    1. In the Directories section of the Enterprise Federation dashboard, click the tile of the directory for which you want to change the sync frequency.
    2. In the Sync settings section, click the Sync frequency tab.
    3. Click Edit.
    4. Select a menu item from the Sync frequency drop-down menu.
    5. If applicable, select Day and Time.
    6. Click Save.
    Add or change sync safeguards of a directory.
    1. In the Directories section of the Enterprise Federation dashboard, click the tile of the directory for which you want to add safeguards.
    2. In the Sync settings section, click the Safeguards tab.
    3. Click Edit.
    4. Using the drop-down menus, set the preferred sync failure limits.

      Each line of drop-down menus corresponds to one safeguard setting.

    5. To create additional safeguards, click Add.
    6. When ready, click Save.

      The safeguards you defined are displayed as a list of entries in the Safeguards tab for the directory.

      You edit or delete safeguards by clicking Edit.
    Adjust the mapped attributes of a directory.
    1. In the Directories section of the Enterprise Federation dashboard, click the tile of the directory for which you want to modify attributes mapping.
    2. In the Sync settings section, click the Mapped Attributes tab.

      You see two lists of attribute names. The attributes listed in the Attribute name column are mapped to the attributes in your active directory displayed in the Attribute name in Active Directory column.

    3. To modify the mapping for an attribute, click Edit.
    4. Use the drop-down menu arrow in the right column to select a different attribute mapping from your active directory.
      Note: You can't change userName attribute mapping.
    5. Click Save.