Workspace ONE Access, formerly known as VMware Identity Manager, together with Workspace ONE UEM enables you to consolidate a list of your suggested Web apps and native mobile apps in unified application catalogs. This functionality does not allow for UEM to receive directory changes from Workspace ONE Access.
After configuring directory integration settings between your Workspace ONE UEM instance and Workspace ONE Access, your end users need to sign in only once using Workspace ONE. Single sign-on enables access to all your available apps without requiring a sign-in each time.
For more information about integrating Workspace ONE UEM with Workspace ONE Access and deploying Workspace ONE with single sign-on to devices, see Directory Integration with VMware Workspace ONE Access.
Before you can integrate directory services with Workspace ONE Access, complete the following:
Synchronization of directory information between Workspace ONE UEM and Workspace ONE Access occurs on the same schedule as the Workspace ONE UEM directory sync. Users are also synced to Workspace ONE Access immediately when added by an administrator manually or from a bulk import.
Also, the integration with Workspace ONE Access supports Just-in-Time provisioning (JIT). Users with directory accounts have their accounts synced to Workspace ONE Access the first time they log in using an enrollment or self-service portal. Manual synchronization is not required to add a single user to Workspace ONE Access immediately.
After you bind your directory settings between Workspace ONE UEM and Identity Manager, you can perform some management actions on the settings page. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > Workspace ONE Access > Configuration.
You can perform the following actions on the settings page:
Workspace ONE Access together with Workspace ONE UEM enables you to consolidate a list of your organization’s suggested Web apps and native mobile apps in unified application catalogs. This functionality does not allow for Workspace ONE UEM to receive directory changes from Identity Manager. Use the following instructions to configure server-related settings.
For more information about integrating Workspace ONE UEM with Workspace ONE Access and deploying Workspace ONE with single sign-on to devices, see the Workspace ONE Quick Configuration Guide.
Enter your server information.
Setting | Description |
---|---|
URL | Bind to Workspace ONE UEM by entering the URL of your Workspace ONE Access tenant. You are required to have a valid license for Workspace ONE Access. |
Admin user name | Enter the administrator user name, which is case-sensitive. |
Admin Password | Enter the administrator password, which is case-sensitive. |
Verify that you have established proper connectivity by selecting the Test Connection button.
Save your selections and proceed to the Next configuration screen.
Setting | Description |
---|---|
Directory | Workspace ONE UEM imports the directory name based on your existing directory in Workspace ONE UEM. Enter the same directory name as used by Workspace ONE Access. |
Enable Custom Mapping | Enable custom mapping as applicable to map the directory integration in Workspace ONE UEM to Workspace ONE Access so they are in sync. Most directory service configurations use Standard mapping. Custom mapping attributes are for customers who have a non-standard directory service database value mapping or an otherwise customized configuration between a directory service and Workspace ONE UEM. |
ExternalID | Identifies the source of a user, in case multiple users have the same user name. |
Password | Directory services user’s password. |
UserStore | The name of the user store to which a user belongs. |
Deactivated | Indicates whether the directory account is deactivated. |
DistinguishedName | Select the distinguished name for the directory services user from the drop-down listing. |
Domain | Select the domain name from the drop-down listing. |
Email | Directory service user’s email address. The email address mapped according to this attribute must be the same email which was used in the primary configuration between directory services and Workspace ONE UEM. Otherwise this setting, and by extension the user’s entire account, syncs incorrectly. |
EmployeeID | Select the employee ID from the drop-down listing. |
First name* | Directory service user’s first name. |
Last name* | Directory service user’s last name. |
Phone | Phone number of the directory service user. |
Roles | Default role of the directory service user. |
User name* | User name associated with the directory services. |
UserPrincipalName | Select the principal user name for the directory services user from the drop-down listing. |
\* Required settings for both Standard and Custom attribute mapping. The mapping attribute settings presented here are default settings. You can add more attributes.
Click the Save button to save your configuration and refresh the page. You can view all the details on the Summary page.
When Workspace ONE Access is enabled in Workspace ONE UEM, you can generate the AirWatch issuer root certificate and export the certificate for use with the Mobile SSO for iOS authentication on managed iOS 9 mobile devices.