If you have a directory services infrastructure such as Active Directory (AD), Lotus Domino, and Novell e-Directory, you can apply existing users and groups in Workspace ONE ™ UEM.

If you do not have an existing directory services infrastructure or you choose not to integrate with it, you must perform Basic Enrollment. Basic enrollment means manually creating user accounts in the UEM console.


While Workspace ONE UEM supports a mix of both Basic and Directory-based users, you typically use one or the other for the initial enrollment of users and devices.

Pros and Cons

  Pros Cons

Basic Enrollment

  • Can be used for any deployment method.
  • Requires no technical integration.
  • Requires no enterprise infrastructure.
  • Can enroll into potentially multiple organization groups.
  • Credentials only exist in Workspace ONE UEM and do not necessarily match existing corporate credentials.
  • Offers no federated security.
  • Single sign on not supported.
  • Workspace ONE UEM stores all user names and passwords.
  • Cannot be used for Workspace ONE Direct Enrollment.

Directory Service Enrollment

  • End users authenticate with existing corporate credentials.
  • Can automatically detect and sync changes from the directory system into Workspace ONE UEM.
  • Secure method of integrating with your existing directory service.
  • Standard integration practice.
  • Can be used for Workspace ONE Direct Enrollment.
  • SaaS deployments using the VMware Enterprise Systems Connector require no firewall changes and offers a secure configuration to other infrastructures, such as Microsoft ADCS, SCEP, and SMTP servers.
  • Requires an existing directory service infrastructure.
  • SaaS deployments require additional configuration due to the VMware Enterprise Systems Connector being installed behind the firewall or in a DMZ.