You can integrate your enterprise LDAP directory, such as OpenLDAP or OracleLDAP directories, with Workspace ONE Access to sync users and groups from the LDAP directory to the Workspace ONE Access service.

For the types of LDAP directories supported, see Workspace ONE Access Directory Integration Requirements and Supported Directories.

Limitations of LDAP Directory Integration

The following limitations apply to LDAP directory integration.

  • You can only integrate a single-domain LDAP directory.

    To integrate multiple domains from an LDAP directory, you create multiple VMware Workspace ONE Access directories, one for each domain.

  • The following authentication methods are not supported for VMware Workspace ONE Access directories of type LDAP directory.
    • Kerberos authentication
    • SecurID
    • RADIUS
  • You cannot join an LDAP domain.
  • Integration with Horizon or Citrix-published resources is not supported for VMware Workspace ONE Access directories of type LDAP directory.
  • User names must not contain spaces. If a user name contains a space, the user is synced but entitlements are not available to the user.
  • If you plan to add both Active Directory and LDAP directories, ensure that you do not mark any attributes as Required in the User Attributes page. The Username attribute is the exception. The settings mapped in the User Attributes page apply to all directories in the service. If an attribute is marked as Required, users without that attribute are not synced to the VMware Workspace ONE Access service.
  • If you have multiple groups with the same name in your LDAP directory, you must specify unique names for them in the VMware Workspace ONE Access service. You can specify the names when you select the groups to sync.

  • The option to allow users to reset expired passwords is not available.