You can integrate Active Directory over LDAP or Active Directory over Integrated Windows Authentication with the Workspace ONE Access service. You can also integrate LDAP directories such as OpenLDAP or Oracle LDAP. Review the following information for supported environments and versions.

Requirements

The Directory Sync service is required for directory integration. Before you integrate your enterprise directory, install one or more instances of the Directory Sync service. The Directory Sync service is available as a component of the Workspace ONE Access connector. See Installing VMware Workspace ONE Access Connector 20.10 for information.

Supported Active Directory Environments and Versions

You can integrate Active Directory over LDAP or over Integrated Windows Authentication.

  • Supported Active Directory environments:
    • Single Active Directory domain
    • Multiple domains in a single Active Directory forest
    • Multiple domains across multiple Active Directory forests
  • Supported versions:
    • Active Directory on Windows Server 2012 R2, 2016, and 2019 with a Domain functional level and Forest functional level of Windows 2003 and later.
      Note: A higher functional level may be required for some features. For example, to allow users to change their Active Directory passwords from Workspace ONE, the Domain functional level must be Windows 2008 or later.

Supported LDAP Directories

You can integrate the following types of LDAP directories:

  • OpenLDAP - 2.4.42
  • Oracle LDAP - Directory Server Enterprise Edition 11g, Release 1 (11.1.1.7.0)
  • IBM Tivoli Directory Server 6.3.1

Security Considerations

For enterprise directories integrated with the Workspace ONE Access service, security settings such as user password complexity rules and account lockout policies must be set in the enterprise directory directly. Workspace ONE Access does not override or enforce these settings.
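
Because these settings are enforced only by the directory, it helps to confirm them in Active Directory before integration. The following read-only check is an added example, not part of the VMware documentation: it reports the domain and forest functional levels against the minimums listed above, along with the default password and lockout policy. It assumes the RSAT ActiveDirectory PowerShell module; the domain name and the helper function Test-FunctionalLevel are hypothetical.

```powershell
# Added example: read-only audit, run from a domain-joined host that has the
# RSAT ActiveDirectory module installed.
Import-Module ActiveDirectory

$DomainName = 'corp.example.com'   # placeholder (assumption): replace with your domain

# Functional levels in ascending order, with the Domain/Forest suffix stripped.
$levels = 'Windows2000', 'Windows2003Interim', 'Windows2003', 'Windows2008',
          'Windows2008R2', 'Windows2012', 'Windows2012R2', 'Windows2016'

# Hypothetical helper: is functional level $Mode at or above $Minimum?
function Test-FunctionalLevel {
    param([string]$Mode, [string]$Minimum)
    $have = [array]::IndexOf($levels, ($Mode -replace '(Domain|Forest)$', ''))
    if ($have -lt 0) {
        # A level this list does not know about: do not guess, flag it.
        Write-Warning "Unrecognized functional level '$Mode'; check manually."
        return $false
    }
    return $have -ge [array]::IndexOf($levels, $Minimum)
}

$domain = Get-ADDomain -Identity $DomainName
$forest = Get-ADForest -Identity $domain.Forest
$policy = Get-ADDefaultDomainPasswordPolicy -Identity $DomainName
# Fine-grained policies (PSOs) can override the default policy for some users.
$psos   = @(Get-ADFineGrainedPasswordPolicy -Filter * -Server $DomainName `
                -ErrorAction SilentlyContinue)

[pscustomobject]@{
    Domain                  = $domain.DNSRoot
    DomainMode              = $domain.DomainMode
    ForestMode              = $forest.ForestMode
    # Minimum for integration: domain and forest level of Windows 2003 or later.
    MeetsMinimumLevel       = (Test-FunctionalLevel -Mode $domain.DomainMode -Minimum 'Windows2003') -and
                              (Test-FunctionalLevel -Mode $forest.ForestMode -Minimum 'Windows2003')
    # Password change from Workspace ONE needs domain level Windows 2008 or later.
    PasswordChangeSupported = Test-FunctionalLevel -Mode $domain.DomainMode -Minimum 'Windows2008'
    ComplexityEnabled       = $policy.ComplexityEnabled
    MinPasswordLength       = $policy.MinPasswordLength
    # A LockoutThreshold of 0 means accounts are never locked out.
    LockoutEnabled          = $policy.LockoutThreshold -gt 0
    LockoutThreshold        = $policy.LockoutThreshold
    LockoutDuration         = $policy.LockoutDuration
    FineGrainedPolicyCount  = $psos.Count
} | Format-List
```

In a multi-domain or multi-forest deployment, run the check once for each domain that will be integrated, since each domain carries its own default policy.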

Limit on Number of Directories

The Workspace ONE Access console can display only 20 directories in the Identity & Access Management > Manage > Directories page. This includes directories of all types: Active Directory, LDAP, System, Local, JIT, and Other. Do not create more than 20 directories in Workspace ONE Access.