You must create accounts for each user in the Workspace ONE UEM system and directory users authenticate using your existing corporate credentials.

This topic details creating user accounts one at a time. To create user accounts in bulk, see Batch Import Users or Devices.


  1. Navigate to Accounts > Users > List View and select Add and then Add User. The Add / Edit User page displays.
  2. In the General tab, complete the following settings to add a directory user.
    Setting Description
    Security Type Add an Active Directory user by choosing Directory as the Security Type.
    Directory Name This pre-populated setting identifies the Active Directory name.
    Domain Choose the domain name from the drop-down menu.
    User name

    Enter the user's directory user name and select Check User. If the system finds a match, the user's information is automatically populated. The remaining settings in this section are only available after you have successfully located an active directory user with the Check User button.

    Full Name

    Use Edit Attributes to allow any option that syncs a blank value from the directory to be edited. Edit Attributes also enables you to populate matching user's information automatically.

    If a setting syncs an actual value from the directory, then that setting must be edited in the directory itself. The change takes effect on the next directory sync. Complete any blank option returned from the directory in Full Name and select Edit Attributes to save the addition.

    Display Name Enter the name that displays in the admin console.
    Email Address Enter or edit the user's email address.
    Email user name Enter or edit the user's email user name.
    Domain (email) Select the email domain from the drop-down menu.
    Phone Number Enter the user's phone number including plus sign, country code, and area code. If you intend to use SMS to send notifications, the phone number is required.
    Enrollment Organization Group Select the organization group into which the user enrolls.
    Allow the user to enroll into additional Organization Groups Choose whether or not to allow the user to enroll into more than one organization group. If you select Enabled, then complete the Additional Organization Groups.
    User Role Select the role for the user you are adding from this drop-down menu.
    Message Type Choose the type of message you may send to the user, Email, SMS, or None. Selecting SMS requires a valid entry in the Phone Number text box.
    Message Template Choose the template for email or SMS messages from this drop-down setting. Optionally, select the Message Preview to preview the template and select the Configure Message Templates link to create a template.
  3. You may optionally select the Advanced tab and complete the following settings.
    Setting Description
    Advanced Info Section
    Email Password Enter the email password of the user you are adding.
    Confirm Email Password Confirm the email password of the user you are adding.
    Distinguished Name For directory users recognized by Workspace ONE UEM, this text box is pre-populated with the distinguished name of the user. Distinguished Name is a string representing the user name and all authorization codes associated with an Active Directory user.
    Manager Distinguished Name Enter the distinguished name of the user's manager. This text box is optional.
    Category Choose the user category for the user being added.
    Department Enter the user's department for your company's administrative purposes.
    Employee ID Enter the user's employee ID for your company's administrative purposes.
    Cost Center Enter the user's cost center for your company's administrative purposes.
    Custom Attribute 1–5 (for Directory users only)

    Enter your previously configured custom attributes, where applicable. You may define these custom attributes by navigating to Groups & Settings > All Settings > Devices & Users > Advanced > Custom Attributes.

    Note: Custom attributes can be configured only at Customer organization groups.
    Certificates Section
    Use S/MIME

    Enable or disable the use of Secure/Multipurpose Internet Mail Extensions (S/MIME). If enabled, you must have an S/MIME-enabled profile and you must upload an S/MIME certificate by selecting Upload.

    Separate Encryption Certificate

    Enable or disable the use of a separate encryption certificate. If enabled, you must upload an encryption certificate using Upload. Generally, the same S/MIME certificate is used for signing and encryption, unless a different certificate is expressly being used.

    Old Encryption Certificate

    Enable or disable a legacy version encryption certificate. If enabled, you must Upload an encryption certificate.

    Staging Section
    Enable Device Staging

    Enable or disable the staging of devices.

    If enabled, you must choose between Single User Devices and Multi User Devices.

    If Single User Devices, you must select between Standard, where users themselves log in and Advanced, where a device is enrolled on behalf of another user.

  4. Select Save to save only the new user or select Save and Add Device to save the new user and proceed to the Add Device page.

What to do next

For more information about adding directory users to Workspace ONE UEM, see Add Individual Directory Users One at a Time and Batch Import Directory Users. from the VMware Workspace ONE UEM Directory Services Documentation on