As an admin, you can use the VMware AirWatch Cloud Connector (ACC) to integrate Workspace ONE UEM with an organizations back-end enterprise systems. The VMware AirWatch Cloud Connector runs in the internal network, acting as a proxy that securely transmits requests from Workspace ONE UEM to the organization's critical enterprise infrastructure components.

What can you do with the SMS settings page?

The path to the settings page on the UEM console is Groups & Settings > All Settings > System > Enterprise Integration > Cloud Connector.

The VMware AirWatch Cloud Connector allows organizations to leverage the benefits of VMware Mobile Device Management (MDM), running in any configuration, together with those of their existing LDAP, certificate authority, email, and other internal systems.

Determine your Organization group hierarchy

Before you review and modify the settings, understand the two types of inheritance/override options for the organization group hierarchy available at the top and bottom of the settings page and determine your choice. For more information about these settings, see Override Versus Inherit Setting for Organization Groups.
  • Current Setting - Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.

General Tab

Setting Description
Enable Cloud Connector Enable VMware AirWatch Cloud Connector to enable secure connection to enterprise components.
Enable Auto Update Enable VMware AirWatch Cloud Connector to automatically update when a newer version is available.

Auto-update allows VMware AirWatch Cloud Connector to upgrade automatically to the latest version without any user intervention by querying Workspace ONE UEM for newer versions of VMware AirWatch Cloud Connector.

For more information regarding auto-update, refer to

Run the VMware AirWatch Cloud Connector Installer.

Advanced Tab

Setting Description
Communication with AWCM Select how the VMware AirWatch Cloud Connector communicates with AWCM under Communication with AWCM:
  • Use External AWCM URL – This is the default option that will apply to most deployments.
  • Use Internal AWCM URL – Use this option if your security settings restrict your VMware AirWatch Cloud Connector server from resolving the External AWCM URL. For example, if VMware AirWatch Cloud Connector is on your internal network and your AWCM server is in a DMZ.
Enterprise Services Select the desired button to enable or restrict Enterprise Services. The services you select (enabled) will integrate with VMware AirWatch Cloud Connector.
  • SMTP (Email Relay)

    Workspace ONE UEM SaaS offers email delivery through its own SMTP, but you can enable VMware AirWatch Cloud Connector to use another SMTP server here. Enter SMTP servers settings for email in Groups & Settings > All Settings > System > Enterprise Integration > Email (SMTP).

  • Directory Services (LDAP/AD)
  • Exchange PowerShell (for certain Secure Email Gateways)
  • Syslog (Client/server protocol used to integrate with the AirWatch event log data)

The following components are only available if you purchased the PKI Integration add-on, which is available separately:

  • Microsoft Certificate Services (PKI)
  • Simple Certificate Enrollment Protocol (SCEP PKI)
  • OpenTrust CMS Mobile (third-party certificate services)
  • Entrust PKI (third-party certificate services)
  • Symantec MPKI (third-party certificate services)

    Since there is no need to go through VMware AirWatch Cloud Connector for cloud certificate services, if you want to integrate with certificate services (like Symantec MPKI) by selecting one of the checkboxes in the screen below, the service you select must be on premises, not in the cloud (SaaS).

AirWatch Services Selectthe desired button to enable or restrict AirWatch Services. The Workspace ONE UEM components you enable integrate with VMware AirWatch Cloud Connector. VMware recommends leaving all services enabled.
  • Device Services (Admin console and all services required for it to operate, including related Windows services)
  • Device Management (Enrollment, App Catalog, and related Windows services)
  • Self-Service Portal (including related Windows services)
  • All Other Components (including related Windows services)

  • Child Permission – Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.