You can create local users in the Workspace ONE Access service to add and manage users who are not provisioned in your enterprise directory. You can create different local directories and customize the attribute mapping for each directory.

Note: This feature is not available for a Workspace ONE Access tenant that has VMware Identity Services enabled. See the Unsupported Workspace ONE Features topic in the Configuring User Provisioning and Identity Federation with VMware Identity Services guide.

You create a directory and select attributes and create custom attributes for that local directory. The required user attributes userName, lastName, firstName, and email are specified at the global level in the console Settings > User Attributes page. In the local directory user attribute list, you can select other required attributes and create custom attributes to have custom sets of attributes for different local directories. See the Directory Integration with Workspace ONE Access guide.

Create local users when you want to let users access your applications but do not want to add them to your enterprise directory.

  • You can create a local directory for a specific type of user that is not part of your enterprise directory. For example, you can create a local directory for partners, who are not usually part of your enterprise directory, and provide them access to only the specific applications they need.
  • You can create multiple local directories if you want different user attributes or authentication methods for different sets of users. For example, you can create a local directory for distributors that has user attributes labeled region and market size. You create another local directory for suppliers that has user attribute labeled product category.

You configure the authentication method local users use to sign in to your enterprise Web site. A password policy is enforced for the local user password. You can define the password restrictions and password management rules.

After you provision a user, an email message is sent with information about how to sign in to enable their account. When they sign in, they create a password and their account is enabled.