Workspace ONE Access with Directory Services

Workspace ONE Access, formerly known as VMware Identity Manager, together with Workspace ONE UEM enables you to consolidate a list of your suggested Web apps and native mobile apps in unified application catalogs. This functionality does not allow for UEM to receive directory changes from Workspace ONE Access.

After you configure directory integration settings between your Workspace ONE UEM instance and Workspace ONE Access, your end users need to sign in only once using Workspace ONE. Single sign-on enables access to all your available apps without requiring a separate sign-in each time.

For more information about integrating Workspace ONE UEM with Workspace ONE Access and deploying Workspace ONE with single sign-on to devices, see Directory Integration with VMware Workspace ONE Access.

Requirements

Before you can integrate directory services with Workspace ONE Access, complete the following:

  • Set up and configure VMware Enterprise Systems with your Workspace ONE UEM environment.
  • Set up and configure directory service integration for the selected organization group itself, without inheriting settings from a parent organization group.
  • Accept the End User License Agreement (EULA) found in the Workspace ONE Access console. This EULA displays when you first open the console.

Synchronization Between Workspace ONE UEM and Workspace ONE Access

Synchronization of directory information between Workspace ONE UEM and Workspace ONE Access occurs on the same schedule as the Workspace ONE UEM directory sync. Users are also synced to Workspace ONE Access immediately when added by an administrator manually or from a bulk import.

Also, the integration with Workspace ONE Access supports Just-in-Time provisioning (JIT). Users with directory accounts have their accounts synced to Workspace ONE Access the first time they log in using an enrollment or self-service portal. Manual synchronization is not required to add a single user to Workspace ONE Access immediately.

Manage Workspace ONE Access Integration with Directory Services

After you bind your directory settings between Workspace ONE UEM and Identity Manager, you can perform some management actions on the settings page. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > Workspace ONE Access > Configuration.

You can perform the following actions on the settings page:

  • Edit the Workspace ONE Access management for Directory Services configuration by selecting the Edit button.
  • Delete the configuration by selecting the Delete button.
  • Initiate a synchronization of the structures within your directory services and Workspace ONE Access management by selecting the Sync Now button.

Integrate Workspace ONE Access with Directory Services

Workspace ONE Access together with Workspace ONE UEM enables you to consolidate a list of your organization’s suggested Web apps and native mobile apps in unified application catalogs. This functionality does not allow for Workspace ONE UEM to receive directory changes from Identity Manager. Use the following instructions to configure server-related settings.

For more information about integrating Workspace ONE UEM with Workspace ONE Access and deploying Workspace ONE with single sign-on to devices, see the Workspace ONE Quick Configuration Guide.

  1. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > Workspace ONE Access > Configuration.
  2. Enter your server information.

    Setting | Description
    URL | Bind to Workspace ONE UEM by entering the URL of your Workspace ONE Access tenant. You are required to have a valid license for Workspace ONE Access.
    Admin user name | Enter the administrator user name, which is case-sensitive.
    Admin Password | Enter the administrator password, which is case-sensitive.
  3. Verify that you have established proper connectivity by selecting the Test Connection button.

  4. Save your selections and proceed to the Next configuration screen.

    Setting | Description
    Directory | Workspace ONE UEM imports the directory name based on your existing directory in Workspace ONE UEM. Enter the same directory name as used by Workspace ONE Access.
    Enable Custom Mapping | Enable custom mapping as applicable to map the directory integration in Workspace ONE UEM to Workspace ONE Access so they are in sync. Most directory service configurations use Standard mapping. Custom mapping attributes are for customers who have a non-standard directory service database value mapping or an otherwise customized configuration between a directory service and Workspace ONE UEM.
    ExternalID | Identifies the source of a user, in case multiple users have the same user name.
    Password | Directory services user’s password.
    UserStore | The name of the user store to which a user belongs.
    Deactivated | Indicates whether the directory account is deactivated.
    DistinguishedName | Select the distinguished name for the directory services user from the drop-down listing.
    Domain | Select the domain name from the drop-down listing.
    Email | Directory service user’s email address. The email address mapped according to this attribute must be the same email which was used in the primary configuration between directory services and Workspace ONE UEM. Otherwise this setting, and by extension the user’s entire account, syncs incorrectly.
    EmployeeID | Select the employee ID from the drop-down listing.
    First name* | Directory service user’s first name.
    Last name* | Directory service user’s last name.
    Phone | Phone number of the directory service user.
    Roles | Default role of the directory service user.
    User name* | User name associated with the directory services.
    UserPrincipalName | Select the principal user name for the Directory services user from the drop-down listing.

    * Required settings for both Standard and Custom attribute mapping. The mapping attribute settings presented here are default settings. You can add more attributes.

  5. Click the Save button to save your configuration and refresh the page. You can view all the details on the Summary page.

  6. Initiate a synchronization of the structures within your directory services and Workspace ONE Access management by selecting the Sync Now button.
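
A pre-sync check for the attribute mapping in step 4, added here as an example and not part of the VMware documentation or product: it flags records that lack a starred (required) attribute, whose Email differs from the primary UEM configuration, or that share a user name without a distinct ExternalID. The CSV layout, the sample users and the `preflight` function are assumptions constructed for illustration, not a Workspace ONE export format or API.

```python
import csv
import io
from collections import defaultdict

# Attributes marked with * (required) in the mapping table above.
REQUIRED = ("User name", "First name", "Last name")

# Constructed sample: attribute values as resolved by the custom mapping
# (hypothetical CSV layout, not a product export).
MAPPED_CSV = """User name,First name,Last name,Email,ExternalID
asmith,Ann,Smith,ann.smith@example.com,ext-001
bjones,Bob,,bob.jones@example.com,ext-002
cdoe,Cy,Doe,cy@alias.example.com,ext-003
dlee,Di,Lee,di.lee@example.com,ext-004
dlee,Dan,Lee,dan.lee@example.com,ext-004
"""

# Constructed sample: email per user name from the primary
# directory-to-UEM configuration.
UEM_EMAIL = {
    "asmith": "ann.smith@example.com",
    "bjones": "bob.jones@example.com",
    "cdoe": "cy.doe@example.com",
}

def preflight(mapped_csv, uem_email):
    """Return sorted (user name, problem) pairs for records likely to sync incorrectly."""
    findings = set()
    by_name = defaultdict(list)
    for row in csv.DictReader(io.StringIO(mapped_csv)):
        name = row["User name"].strip()
        by_name[name].append(row["ExternalID"].strip())
        for attr in REQUIRED:
            if not row[attr].strip():
                findings.add((name, f"missing required attribute: {attr}"))
        # Users absent from the UEM sample are skipped (nothing to compare against).
        primary = uem_email.get(name)
        if primary is not None and row["Email"].strip() != primary:
            findings.add((name, "Email differs from primary UEM configuration"))
    for name, ids in by_name.items():
        # ExternalID must tell apart users who share a user name.
        if len(ids) > 1 and (len(set(ids)) < len(ids) or "" in ids):
            findings.add((name, "duplicate user name without distinct ExternalID"))
    return sorted(findings)

if __name__ == "__main__":
    for user, problem in preflight(MAPPED_CSV, UEM_EMAIL):
        print(f"{user}: {problem}")
```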

Enable and Export AirWatch Certificate Authority

When Workspace ONE Access is enabled in Workspace ONE UEM, you can generate the AirWatch issuer root certificate and export the certificate for use with the Mobile SSO for iOS authentication on managed iOS 9 mobile devices.

  1. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > Workspace ONE Access > Configuration. To enable AirWatch Certificate Authority, the organization group type must be Customer. To view or change the group type, navigate to Groups & Settings > Groups > Organization Groups > Organization Group Details.
  2. In the Certificate section, click Enable. The section displays the issuer root certificate details.
  3. Click Export and save the file.
