You create one local user at a time in the Workspace ONE Access service. When you add the user, you select the local directory that is configured with the local user attributes to use and the domain that the user signs in to.

In addition to adding user information, you select the user role, either as user or admin. The admin role allows the user to access the administration console to manage the Workspace ONE Access services.


  • Local directory created.
  • Domain identified for local users.
  • User attributes that are required selected in the local directory User Attributes page.
  • Password policies configured.


  1. In the Workspace ONE Access console Accounts > Users page, click NEW.
  2. In the Directory page, select the local directory and domain for this user.
  3. The User role is selected. If this user is an admin, in the Roles section select the admin roles to be added.
  4. Click NEXT.
  5. In the User Profile page, add the user information, and click NEXT to review the information that is configured.
  6. If everything is correct in the Summary page, click SAVE.


The local user is created. An email is sent to the user asking them to sign in to enable their account and create a password. The link in the email expires according to the value set in the Password Policy page. The default is seven days. If the link expires, you can click RESET PASSWORD in the user's account page to resend the email notification.

A user is added to existing groups based on the group attribute rules that are configured.

What to do next

Go the local user account to review the profile, add the user to groups, and entitle the user to the resources to use.

If you created an admin user in the system directory who is entitled to resources that are managed by a specific access policy, make sure that the application policy rules include Password (Local Directory) as a fallback authentication method. If Password (Local Directory) is not configured, the admin cannot sign in to the app.