Active Directory (AD) with Lightweight Directory Access Protocol (LDAP) authentication is used to integrate user and admin accounts of Workspace ONE UEM with existing corporate accounts.


  • End users now authenticate with existing corporate credentials.
  • Secure method of integrating with LDAP / AD.
  • Standard integration practice.
  • Can be used for Workspace ONE Direct Enrollment.


  • Requires an AD or other LDAP server.

This diagram shows a device accessing the UEM console over the internet through a firewall. The UEM console accesses directory services.

  1. Device connects to Workspace ONE UEM to enroll the device. User enters their directory services user name and password.
    • User name and password are encrypted during transport.
    • Workspace ONE UEM does not store the user's directory services password.
  2. Workspace ONE UEM queries the client's directory services through a secure LDAP protocol over the Internet using a service account for authentication.
  3. The user's credentials are validated against the corporate directory service.
  4. If the user credentials are valid, the Workspace ONE UEM server allows the device to complete a device enrollment.
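
The flow in steps 2 to 4 follows the common LDAP "search then bind" pattern. The sketch below is an added example, not Workspace ONE UEM code: `FakeDirectory`, `authenticate`, the DNs and the passwords are constructed for illustration, and the in-memory directory stands in for an LDAPS connection to AD. It shows three checks a defender should expect in any such integration: filter escaping of the user name, rejection of empty passwords, and failing closed on ambiguous lookups.

```python
# Added illustration: generic LDAP "search then bind" login, not Workspace ONE UEM code.
# FakeDirectory is a constructed in-memory stand-in for an LDAPS connection.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape RFC 4515 special characters so user input cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

class FakeDirectory:
    """Constructed sample data: DN -> (sAMAccountName, password)."""
    def __init__(self, entries):
        self.entries = entries

    def bind(self, dn: str, password: str) -> bool:
        entry = self.entries.get(dn)
        return entry is not None and entry[1] == password

    def search(self, filter_str: str) -> list:
        # Supports only the filters this example builds: exact match or bare '*'.
        prefix = "(&(objectClass=user)(sAMAccountName="
        value = filter_str[len(prefix):-2]
        if value == "*":
            return sorted(self.entries)
        return sorted(dn for dn, (name, _) in self.entries.items()
                      if escape_filter_value(name).lower() == value.lower())

def authenticate(directory, svc_dn, svc_password, username, password) -> bool:
    # An empty password on a simple bind is an "unauthenticated bind" (RFC 4513)
    # that many servers accept, so reject it before touching the directory.
    if not username or not password:
        return False
    # Step 2: the service account binds and looks up the user's DN.
    if not directory.bind(svc_dn, svc_password):
        raise RuntimeError("service account bind failed")
    flt = f"(&(objectClass=user)(sAMAccountName={escape_filter_value(username)}))"
    matches = directory.search(flt)
    if len(matches) != 1:          # unknown or ambiguous user: fail closed
        return False
    # Step 3: validate the credentials by binding as the user; nothing is stored.
    return directory.bind(matches[0], password)

DIRECTORY = FakeDirectory({
    "CN=svc-uem,OU=Service,DC=example,DC=com": ("svc-uem", "svc-secret"),
    "CN=Jane Doe,OU=Users,DC=example,DC=com": ("jdoe", "correct horse"),
})
SVC = ("CN=svc-uem,OU=Service,DC=example,DC=com", "svc-secret")
```

The service account in such a setup needs only read access to the user attributes it searches on, since the password check itself happens in the user's own bind.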