During the Workspace ONE Access directory setup, you select the user attributes to sync to the Workspace ONE Access directory. The list of user attributes is managed from the page.
|Workspace ONE Access Directory Attribute Name||Default Mapping to Active Directory Attribute|
|domain||canonicalName. Adds the fully qualified domain name of object.|
|disabled (external user disabled)||userAccountControl. Flagged with UF_Account_Disable
When an account is disabled, users cannot log in to access their applications and resources. The resources that users were entitled to are not removed from the account so that when the flag is removed from the account users can log in and access their entitled resources
The following attributes cannot be used as custom attribute names because the Workspace ONE Access service uses these attributes internally for user identity management.
Attributes on the User Attributes page apply to all directories in the Workspace ONE Access service. When you make changes to user attributes, consider the effect on all directories. For example, if you plan to add both Active Directory and LDAP directories, ensure that you do not mark any attributes required except for userName. If an attribute is marked required, users without that attribute are not synced to the Workspace ONE Access service.
When you create a directory, the list of attributes from the User Attributes page appears on the Mapped Attributes page of the Add Directory wizard and you can specify the mapping between the Workspace ONE Access attributes and the Active Directory or LDAP directory attributes. After you create the directory, the Mapped Attributes page is available from the directory's Sync Settings page.
Changes that are made and saved in the User Attributes page after a directory is created are applied to the directory with the next sync.