User Self-Enrollment applies your existing directory service environment to auto discover users based on their email.

There are other considerations.

  • Pros – Requires the least amount of effort while still supporting the ability to sync changes to user attributes that are made in your directory service. Self-enrollment also creates a Workspace ONE UEM user account.

  • Cons – Does not allow you to restrict the enrollment to specific users or user groups. This lack of restriction means that any directory user with a valid email address can enroll a device.

Enable All Directory Users to Self-Enroll

You can enable all your directory users to enroll themselves based on their email addresses. This option requires the least amount of effort while retaining the ability to sync user attributes. However, you are unable to restrict the enrollment to specific users or user groups.

  1. Navigate to Groups & Settings > All Settings > Devices & Users > General > Enrollment and select the Restrictions tab.
  2. Scroll to the Enrollment Restrictions section of this page. Ensure that Restrict Enrollment To Known Users and Restrict Enrollment To Configured Groups check boxes are both deselected.

    When deselected, all directory users and user groups members (as configured in the directory services settings page) are allowed to enroll with a valid email address.

Note: For additional information about enrolling with directory services integration, refer to "Device Enrollment" in the VMware AirWatch Mobile Device Management Guide, available on