Integrating your enterprise directory with Workspace ONE Access requires you to install the Directory Sync service, create a directory in the Workspace ONE Access service, and configure the connection to your enterprise directory.
Directory Sync Service
The Directory Sync service syncs user and group data from your Active Directory or LDAP directory to the Workspace ONE Access service. The Directory Sync service is a component of the Workspace ONE Access connector that you deploy on premises inside your enterprise network.
Workspace ONE Access Directory
The directory you create in the Workspace ONE Access service corresponds to the Active Directory or LDAP directory in your environment. This directory uses attributes to define users and groups. You create one or more directories in the Workspace ONE Access service and then sync those directories with your Active Directory or LDAP directory. You can create the following directory types in the service.
- Active Directory
  - Active Directory over LDAP: Create this directory type if you plan to connect to a single Active Directory domain environment. For the Active Directory over LDAP directory type, the Directory Sync service binds to Active Directory using simple bind authentication. The connection to Active Directory can be over SSL/TLS.
  - Active Directory over Integrated Windows Authentication: Create this directory type if you plan to connect to a multi-domain or multi-forest Active Directory environment. The Directory Sync service binds to Active Directory using Integrated Windows Authentication. The connection to Active Directory can be over SSL/TLS.
  The type and number of directories that you create vary depending on your Active Directory environment, such as single domain or multi-domain, and on the type of trust used between domains. In most environments, you create one directory.
- LDAP Directory
  Create an LDAP directory to integrate your enterprise LDAP directory with Workspace ONE Access. You can integrate only a single-domain LDAP directory. Workspace ONE Access supports paged search queries and VLV for Oracle OpenLDAP.
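Why the SSL/TLS option matters for the Active Directory over LDAP type: an LDAP simple bind (RFC 4511) carries the bind DN and password as plain octet strings, so on an unencrypted connection both are readable in transit. The Python below is an added example, not VMware code; the function names and the sample DN and password are constructed for illustration. It classifies the first LDAP message of a connection the way a network monitor would and flags simple binds whose password crossed the wire in clear.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def classify_ldap_pdu(payload):
    """Report the bind-related operation in one unencrypted LDAPMessage."""
    try:
        tag, msg, _ = read_tlv(payload, 0)  # LDAPMessage ::= SEQUENCE
        if tag != 0x30:
            return {"op": "not-ldap"}
        _, _, pos = read_tlv(msg, 0)        # messageID
        op_tag, op, _ = read_tlv(msg, pos)  # protocolOp
        if op_tag == 0x77:                  # ExtendedRequest, requestName is [0]
            _, oid, _ = read_tlv(op, 0)
            return {"op": "starttls" if oid == STARTTLS_OID else "extended"}
        if op_tag != 0x60:                  # anything but BindRequest
            return {"op": "other"}
        _, _, pos = read_tlv(op, 0)         # version
        _, dn, pos = read_tlv(op, pos)      # name (bind DN)
        auth_tag, cred, _ = read_tlv(op, pos)
    except (ValueError, IndexError):
        return {"op": "malformed"}
    auth = {0x80: "simple", 0xA3: "sasl"}.get(auth_tag, "unknown")
    # A readable simple bind with a non-empty password means the secret was sent in clear.
    return {"op": "bind", "auth": auth, "dn": dn.decode("utf-8", "replace"),
            "password_exposed": auth == "simple" and len(cred) > 0}

def tlv(tag, value):  # short-form BER encoder, used only to build the constructed samples
    return bytes([tag, len(value)]) + value

# Constructed samples (the DN and password are made up for this example).
SAMPLE_DN = b"cn=svc-sync,dc=example,dc=test"
SIMPLE_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60,
    tlv(0x02, b"\x03") + tlv(0x04, SAMPLE_DN) + tlv(0x80, b"constructed-secret")))
SASL_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60,
    tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0xA3, tlv(0x04, b"GSS-SPNEGO"))))
STARTTLS = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x77, tlv(0x80, STARTTLS_OID)))
```

A `bind` result with `password_exposed` set to true on port 389, with no preceding `starttls`, indicates a directory connection that should be moved to SSL/TLS.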
Integrating your enterprise directory with Workspace ONE Access involves the following high-level tasks.
- Install the Directory Sync service.
  A single instance of the Directory Sync service can sync multiple directories if the sync schedules do not overlap.
- Specify the attributes that you want users to have in the Workspace ONE Access service.
- Create a directory in the Workspace ONE Access service of the same type as your enterprise directory and configure the connection to the enterprise directory.
- Map the Workspace ONE Access attributes to attributes used in your Active Directory or LDAP directory.
- Specify sync settings.
- Specify users and groups to sync.
- Sync users and groups.
After you integrate your enterprise directory and perform the initial sync, you can update the configuration, set up a sync schedule to sync regularly, or start a sync at any time.