You integrate your Active Directory with Workspace ONE Access and configure attributes to synchronize users and groups to enable identity and access management in the SDDC.

Procedure

  1. In a Web browser, log in to the Workspace ONE Access cross-region cluster by using the administration interface.
    | Setting | Value |
    |---|---|
    | URL | https://wsa01svr01.rainpole.local/admin |
    | User name | configadmin |
    | Password | wsa01svr01_configadmin_password |
    | Domain | System Domain |
  2. On the main navigation bar, click Identity and access management.
  3. Click the Directories tab, and from the Add directory drop-down menu, select Add Active Directory over LDAP/IWA.
  4. On the Add directory page, configure these settings, and click Save and next.

    | Setting | Value |
    |---|---|
    | Directory name | rainpole.local |
    | Active Directory (integrated Windows authentication) | Selected |
    | Sync connector | wsa01svr01a.rainpole.local |
    | Do you want this connector to also perform authentication | Yes |
    | Directory search attribute | sAMAccountName |
    | Domain name | rainpole.local |
    | Domain admin user name | svc-domain-join |
    | Domain admin password | svc-domain-join_password |
    | Bind user name | svc-wsa-ad |
    | Bind user password | svc-wsa-ad_password |

  5. On the Select the domains page, configure these settings and click Next.

    | Setting | Value |
    |---|---|
    | rainpole.local (RAINPOLE) | Selected |
    | sfo01.rainpole.local (SFO01) | Selected |

  6. On the Map user attributes page, review the attribute mappings and click Next.
  7. On the Select the groups you want to sync page, configure these settings.

    | Setting | Value |
    |---|---|
    | Sync nested group members | Selected |
    | Specify the group DN | Click the plus icon and enter OU=Security Groups,DC=rainpole,DC=local. |

  8. For each group DN, click Select, select the groups to be used by the cross-region Workspace ONE Access cluster, click Save, and click Next.

    | Product | Value |
    |---|---|
    | Workspace ONE Access | ug-wsa-admins, ug-wsa-directory-admins, ug-wsa-read-only |
    | vRealize Suite Lifecycle Manager | ug-vrslcm-admins, ug-vrslcm-content-admins, ug-vrslcm-content-developers |
    | vRealize Operations | ug-vrops-admins, ug-vrops-content-admins, ug-vrops-read-only |
    | vRealize Automation | ug-vra-org-owners, ug-vra-cloud-assembly-admins, ug-vra-cloud-assembly-users, ug-vra-service-broker-admins, ug-vra-service-broker-users, ug-vra-orchestrator-admins, ug-vra-orchestrator-designers, ug-vra-project-admins-sample, ug-vra-project-users-sample |

  9. On the Select the users you want to sync page, configure these settings and click Next.

    | Setting | Value |
    |---|---|
    | Specify the user DN | Click the plus icon and enter OU=Security Users,DC=rainpole,DC=local. |

  10. On the Review page, click Edit, from the Sync frequency drop-down menu, select Every 15 minutes, and click Save.
  11. To initialize the directory import, click Sync directory.
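
Because step 7 selects Sync nested group members, the accounts that end up in a group such as ug-wsa-admins include the members of any group nested inside it. The following added example (not part of the VMware procedure) expands nested membership over a constructed directory snapshot and lists effective members whose DN lies outside the user DN from step 9, so they can be reviewed before the first sync. The snapshot, the nested group ug-helpdesk, the OU=Contractors container, the user names and all function names are assumptions made for illustration.

```python
# Added example: expand nested membership of groups selected for sync.
# The snapshot is constructed; in practice export each group's member attribute.
USER_BASE_DN = "OU=Security Users,DC=rainpole,DC=local"    # user DN, step 9
GROUP_BASE_DN = "OU=Security Groups,DC=rainpole,DC=local"  # group DN, step 7

# Constructed data: group DN -> member DNs (users or other groups).
SNAPSHOT = {
    f"CN=ug-wsa-admins,{GROUP_BASE_DN}": [
        f"CN=alice,{USER_BASE_DN}",
        f"CN=ug-helpdesk,{GROUP_BASE_DN}",                # hypothetical nested group
    ],
    f"CN=ug-helpdesk,{GROUP_BASE_DN}": [
        f"CN=bob,{USER_BASE_DN}",
        "CN=carol,OU=Contractors,DC=rainpole,DC=local",   # hypothetical OU
        f"CN=ug-wsa-admins,{GROUP_BASE_DN}",              # membership loop
    ],
    f"CN=ug-wsa-read-only,{GROUP_BASE_DN}": [f"CN=dave,{USER_BASE_DN}"],
}

def norm(dn):
    """Lower-case and trim RDNs; assumes no escaped commas in the DNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def effective_members(group_dn, snapshot):
    """Return user DNs reachable from group_dn through nested groups."""
    groups = {norm(k): v for k, v in snapshot.items()}
    seen, users, stack = set(), {}, [norm(group_dn)]
    while stack:
        current = stack.pop()
        if current in seen:          # already expanded: breaks membership loops
            continue
        seen.add(current)
        for member in groups.get(current, []):
            if norm(member) in groups:
                stack.append(norm(member))   # nested group: expand later
            else:
                users[norm(member)] = member  # leaf entry: treat as a user
    return sorted(users.values())

def outside_user_base(group_dn, snapshot, base_dn=USER_BASE_DN):
    """Effective members whose DN is not under the configured user DN."""
    suffix = "," + norm(base_dn)
    return [m for m in effective_members(group_dn, snapshot)
            if not norm(m).endswith(suffix)]

if __name__ == "__main__":
    for group in SNAPSHOT:
        print(group, "->", effective_members(group, SNAPSHOT),
              "| review:", outside_user_base(group, SNAPSHOT))
```

Groups absent from the snapshot are treated as leaf entries, so export every group under the group DN before relying on the result.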