VMware Identity Manager together with Workspace ONE UEM enables you to consolidate a list of your organization’s suggested Web apps and native mobile apps in unified application catalogs. This functionality does not allow for Workspace ONE UEM to receive directory changes from Identity Manager. After configuring directory integration settings between your Workspace ONE UEM instance and VMware Identity Manager, your end users must sign in only once using Workspace ONE. Single sign-on enables access to all your organization’s available apps without the need to sign in each time.

For more information about integrating Workspace ONE UEM with Workspace ONE Access and deploying Workspace ONE with single sign-on to devices, see the Workspace ONE Quick Configuration Guide.

Requirements

Before you can integrate directory services with VMware Identity Manager, complete the following:

  • Set up and configure VMware Enterprise Systems with your Workspace ONE UEM environment.
  • Set up and configure directory service integration for the selected organization group itself, so that the group does not inherit these settings from a parent organization group.
  • Accept the End User License Agreement (EULA) found in the VMware Identity Manager console. This EULA displays when you first open the console.

Synchronization Between Workspace ONE UEM and VMware Identity Manager

Synchronization of directory information between Workspace ONE UEM and VMware Identity Manager occurs on the same schedule as the Workspace ONE UEM directory sync. Users are also synced to VMware Identity Manager immediately when added by an administrator manually or from a bulk import.

Also, the integration with VMware Identity Manager supports Just-in-Time provisioning (JIT). Users with directory accounts have their accounts synced to VMware Identity Manager the first time they log in using an enrollment or self-service portal. Manual synchronization is not required to add a single user to VMware Identity Manager immediately.

Manage VMware Identity Manager Integration with Directory Services

After you bind your directory settings between Workspace ONE UEM and Identity Manager, you can perform some management actions on the settings page. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > VMware Identity Manager > Configuration.

You can perform the following actions on the settings page:

  • Edit the VMware Identity Management for Directory Services configuration by selecting the Edit button.
  • Delete the configuration by selecting the Delete button.
  • Initiate a synchronization of the structures within your directory services and VMware Identity Management by selecting the Sync Now button.

Integrate VMware Identity Manager with Directory Services

VMware Identity Manager together with Workspace ONE UEM enables you to consolidate a list of your organization’s suggested Web apps and native mobile apps in unified application catalogs. This functionality does not allow for Workspace ONE UEM to receive directory changes from Identity Manager. Use the following instructions to configure server-related settings.

  1. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > VMware Identity Manager > Configuration.
  2. Enter your server information.
    Setting: Description
    URL: Bind to Workspace ONE UEM by entering the URL of your VMware Identity Manager tenant. A valid license for VMware Identity Manager is required.
    Admin user name: Enter the administrator user name, which is case-sensitive.
    Admin Password: Enter the administrator password, which is case-sensitive.
  3. Verify that you have established proper connectivity by selecting the Test Connection button.
  4. Click Next to save your selections and proceed to the next configuration screen.
    Setting: Description
    Directory: Workspace ONE UEM imports the directory name based on your existing directory in Workspace ONE UEM. Enter the same directory name as used by VMware Identity Manager.
    Enable Custom Mapping: Enable custom mapping as applicable to map the directory integration in Workspace ONE UEM to VMware Identity Manager so they are in sync. Most directory service configurations use Standard mapping. Custom mapping attributes are for customers who have a non-standard directory service database value mapping or an otherwise customized configuration between a directory service and Workspace ONE UEM.
    ExternalID: Identifies the source of a user, in case multiple users have the same user name.
    Password: Directory services user's password.
    UserStore: The name of the user store to which a user belongs.
    Disabled: Indicates whether the directory account is disabled.
    DistinguishedName: Select the distinguished name for the directory services user from the drop-down listing.
    Domain: Select the domain name from the drop-down listing.
    Email: Directory service user's email address. The email address mapped according to this attribute must be the same email which was used in the original configuration between directory services and Workspace ONE UEM. Otherwise this setting, and by extension the user's entire account, syncs incorrectly.
    EmployeeID: Select the employee ID from the drop-down listing.
    First name*: Directory service user's first name.
    Last name*: Directory service user's last name.
    Phone: Phone number of the directory service user.
    Roles: Default role of the directory service user.
    User name*: User name associated with the directory services.
    UserPrincipalName: Select the principal user name for the Directory services user from the drop-down listing.
    * Required settings for both Standard and Custom attribute mapping. The mapping attribute settings presented here are default settings. You can add more attributes.
  5. Click the Save button to save your configuration and refresh the page. You can view all the details in the Summary page.
  6. Initiate a synchronization of the structures within your directory services and VMware Identity Management by selecting the Sync Now button.
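
The mapping rules in the attribute table (required attributes, the email that must match the original configuration, ExternalID separating users who share a user name) can be checked on an export of user records before selecting Sync Now. The following is an added example, not VMware code; the record layout, the dictionary keys and the function name check_mapping are assumptions made for illustration, and the sample data is constructed.

```python
# Added example (not VMware code): pre-sync check of user records against the
# attribute-mapping rules in the table above. The record layout, dictionary
# keys and function name are assumptions made for illustration.
REQUIRED = ("UserName", "FirstName", "LastName")  # attributes marked * in the table

def check_mapping(directory_users, uem_emails):
    """Return sorted (user_name, problem) findings.

    directory_users: list of dicts, one per directory account.
    uem_emails: {user_name: email} as originally configured in Workspace ONE UEM.
    """
    findings, by_name = [], {}
    for user in directory_users:
        name = (user.get("UserName") or "").strip()
        label = name or "<no user name>"
        for attr in REQUIRED:
            if not (user.get(attr) or "").strip():
                findings.append((label, f"missing required attribute {attr}"))
        if name:
            by_name.setdefault(name, []).append(user.get("ExternalID"))
        # The mapped email must be the same one used in the original configuration.
        expected = uem_emails.get(name)
        if expected is not None and (user.get("Email") or "").strip() != expected.strip():
            findings.append((label, "Email differs from the address configured in UEM"))
    # ExternalID identifies the source when several users share a user name.
    for name, ids in by_name.items():
        if len(ids) > 1 and (None in ids or "" in ids or len(set(ids)) < len(ids)):
            findings.append((name, "duplicate user name without distinct ExternalID"))
    return sorted(findings)

# Constructed sample data, not real accounts.
SAMPLE_DIRECTORY = [
    {"UserName": "jdoe", "FirstName": "Jane", "LastName": "Doe",
     "Email": "jane.doe@example.com", "ExternalID": "dir-a-001"},
    {"UserName": "asmith", "FirstName": "", "LastName": "Smith",
     "Email": "asmith@example.org", "ExternalID": "dir-a-002"},
    {"UserName": "mlee", "FirstName": "Min", "LastName": "Lee",
     "Email": "min.lee@example.com", "ExternalID": "dir-a-003"},
    {"UserName": "mlee", "FirstName": "Mark", "LastName": "Lee",
     "Email": "mark.lee@example.com", "ExternalID": "dir-a-003"},
]
SAMPLE_UEM_EMAILS = {"jdoe": "jane.doe@example.com", "asmith": "asmith@example.com"}

if __name__ == "__main__":
    for name, problem in check_mapping(SAMPLE_DIRECTORY, SAMPLE_UEM_EMAILS):
        print(f"{name}: {problem}")
```

The email comparison is exact apart from surrounding whitespace, because the table requires the same address that was used in the original configuration.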

Enable and Export AirWatch Certificate Authority

When VMware Identity Manager is enabled in Workspace ONE UEM, you can generate the AirWatch issuer root certificate and export the certificate for use with the Mobile SSO for iOS authentication on managed iOS 9 mobile devices.
  1. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > VMware Identity Manager > Configuration. To enable AirWatch Certificate Authority, the organization group type must be Customer. To view or change the group type, navigate to Groups & Settings > Groups > Organization Groups > Organization Group Details.
  2. In the Certificate section, click Enable. The section displays the issuer root certificate details.
  3. Click Export and save the file.