The authentication proxy delivers directory services integration across the cloud or across hardened internal networks. In this model, the Workspace ONE UEM server communicates with a public-facing Web server or an Exchange ActiveSync server, which authenticates users against the domain controller.
Pros
- Offers a secure method to proxy integration with AD/LDAP across the cloud.
- End users can authenticate with existing corporate credentials.
- Lightweight module that requires minimal configuration.
Cons
- Requires a public-facing Web server or an Exchange ActiveSync server that ties into an AD/LDAP server.
- Only feasible for specific architecture layouts.
- A much less robust solution than VMware Enterprise Systems Connector.
- Cannot be used for Workspace ONE Direct Enrollment.

- The device connects to Workspace ONE UEM to enroll. The user enters their directory services user name and password.
- The user name and password are encrypted during transport.
- Workspace ONE UEM does not store the user's directory services password.
- Workspace ONE UEM relays the user name and password to a configured Authentication Proxy endpoint that requires authentication (for example, Basic Authentication).
- The user's credentials are validated against the corporate directory services.
- If the user's credentials are valid, the Workspace ONE UEM server allows the device to complete device enrollment.
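
The relay in the steps above can be modelled offline. This is an added example, not Workspace ONE UEM code: the function names, the in-memory `DIRECTORY` standing in for AD/LDAP, and the direct function call standing in for the HTTPS request are all assumptions.

```python
import base64, hashlib, hmac, os

# Constructed stand-in for the corporate directory: user -> (salt, PBKDF2 hash).
def _entry(password):
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

DIRECTORY = {"jdoe": _entry("S3cret:with:colons")}  # constructed sample account

def basic_header(username, password):
    """Relay side: build an RFC 7617 Basic credential. Base64 is encoding,
    not encryption, so only the encrypted transport protects it in transit."""
    if ":" in username:
        raise ValueError("user-id must not contain ':' (RFC 7617)")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def proxy_endpoint(authorization):
    """Hypothetical proxy endpoint: map an Authorization header to a status."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "basic":
        return 401
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return 401
    username, sep, password = decoded.partition(":")  # split on first ':' only
    if not sep:
        return 401
    # Unknown users still cost one hash, and the compare is constant-time.
    salt, expected = DIRECTORY.get(username, (b"\x00" * 16, b"\x00" * 32))
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    ok = hmac.compare_digest(actual, expected) and username in DIRECTORY
    return 200 if ok else 401

def relay_enrollment(username, password):
    """Relay side: forward the credentials and keep only the outcome,
    never the password."""
    status = proxy_endpoint(basic_header(username, password))
    return {"user": username, "enrollment_allowed": status == 200}
```
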