Workspace ONE UEM integrates with your organization's existing directory service – such as Active Directory, Lotus Domino, and Novell e-Directory – to provide directory-based account access. This type of account access lets users authenticate with Workspace ONE UEM apps and enroll devices using their existing directory service credentials.

Integrating with directory services eliminates the need to create basic user accounts in your organization. Such integration can also help simplify the enrollment process for end users by applying information they already know.

Ongoing LDAP synchronization detects any changes within the system. This synchronization performs necessary updates across all devices for affected users. In cases where administrative approval is required before changes occur, this synchronization obtains such approval.

You may also migrate Basic Users to LDAP Users, checking against existing directory users. For more information, please see the Migrating Basic users to Directory (AD) users KB article: https://support.air-watch.com/solutions/1859.

Integrating Workspace ONE UEM with your directory service provides many benefits.

  • Conduct enrollment for both users and administrators.
  • Map directory groups to Workspace ONE UEM user groups.
  • Control UEM console access.
  • Apply existing credentials for VMware Content Locker access.
  • Assign apps, profiles, and policies by user group.
  • Automatically retire end users when they go inactive.

The following sections explain how to integrate your Workspace ONE UEM environment with your directory service of choice, how to add directory user accounts to Workspace ONE UEM, and how to integrate user groups in Workspace ONE UEM.

Requirements, Setup, and User Integration

Learn which Lightweight Directory Access Protocol (LDAP)-based directory services you need, which ports to use, and what organization group to designate as the root. For more information, see Requirements for Directory Services.

The Directory Services page in system settings enables you to integrate Workspace ONE UEM with your organization's domain controller. Security Assertion Markup Language (SAML) settings can also be configured on this page. For more information, see Directory Services Setup.

Provide everyone in your organization with a Workspace ONE UEM account (required if users intend to use a managed device) by integrating your directory users. For more information, see Directory Service User Integration.

Directory User Group Integrations

If you have user groups in your Active Directory structure, you can create the same user groups in Workspace ONE UEM. Enable integrated updates so that when you change your Active Directory user group assignments, the same changes are made in Workspace ONE UEM. For more information, see Directory User Group Integration.