This guide provides information about using the AirWatch Provisioning app to provision users and groups in Workspace ONE UEM from the VMware Workspace ONE Access service.
The AirWatch Provisioning app creates, updates, and deletes users and groups in the Workspace ONE UEM console. When users are added, the user type designated in Workspace ONE UEM is Directory.
You use the AirWatch Provisioning app with the Workspace ONE UEM service when an LDAP server cannot be used with the VMware AirWatch Cloud Connector to synchronize users. Users who are created in the Workspace ONE Access service using either the System for Cross-domain Identity Management (SCIM) API or the just-in-time (JIT) service can be provisioned to the Workspace ONE UEM service.
The AirWatch Provisioning app has the following configuration requirements.
- Users are provisioned at the Customer Organization Group (OG) level in Workspace ONE UEM.
- An LDAP server cannot be configured at the Customer OG level in Workspace ONE UEM.
- An identity provider must be configured as the SAML provider before you configure the AirWatch Provisioning app. If you want to use Workspace ONE Access as the SAML provider, follow the instructions in the Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications guide.
- If you use Workspace ONE Access JIT to create users:
  - You must send a valid GUID to Workspace ONE UEM as part of the SAML attribute. This GUID is required to use the Workspace ONE Intelligent Hub app to enroll user devices. The GUID is mapped to the External ID and provisioned to Workspace ONE UEM.
  - Users must use a browser the first time they log into Workspace ONE before they can use the Workspace ONE Intelligent Hub app.
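
The GUID requirement for JIT-created users can be checked against a test assertion before rollout. The following Python sketch is an added example, not VMware code: it pulls one attribute from a SAML `AttributeStatement` and rejects anything that is not a single, canonical, non-nil GUID. The attribute name `ExternalId`, the canonical-form rule, and the sample XML are assumptions made for illustration.

```python
import uuid
import xml.etree.ElementTree as ET

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumption: the attribute name is whatever your identity provider is
# configured to send; the guide does not name it.
GUID_ATTRIBUTE = "ExternalId"


def sample_statement(value):
    """Build a constructed AttributeStatement (not captured traffic)."""
    return (
        f'<saml:AttributeStatement xmlns:saml="{SAML_ASSERTION_NS}">'
        f'<saml:Attribute Name="{GUID_ATTRIBUTE}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement>"
    )


def extract_guid(statement_xml, attr_name=GUID_ATTRIBUTE):
    """Return the lowercase GUID carried in attr_name, or raise ValueError.

    Run this only on assertions whose signature has already been verified;
    this function checks the attribute value, not the assertion's origin.
    """
    root = ET.fromstring(statement_xml)
    values = [
        (val.text or "").strip()
        for attr in root.iter(f"{{{SAML_ASSERTION_NS}}}Attribute")
        if attr.get("Name") == attr_name
        for val in attr.findall(f"{{{SAML_ASSERTION_NS}}}AttributeValue")
    ]
    # A missing or multi-valued attribute leaves the External ID ambiguous.
    if len(values) != 1:
        raise ValueError(f"expected one {attr_name} value, found {len(values)}")
    raw = values[0]
    try:
        parsed = uuid.UUID(raw)
    except ValueError:
        raise ValueError(f"{attr_name} is not a GUID: {raw!r}") from None
    # uuid.UUID also accepts braces, urn: prefixes and unhyphenated hex;
    # assumption: only the canonical 8-4-4-4-12 form counts as valid here.
    if str(parsed) != raw.lower():
        raise ValueError(f"{attr_name} is not in canonical form: {raw!r}")
    if parsed.int == 0:
        raise ValueError(f"{attr_name} is the nil GUID")
    return str(parsed)


if __name__ == "__main__":
    print(extract_guid(sample_statement("3F2B8C1E-9D4A-4E6B-8A57-0C1D2E3F4A5B")))
```
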