Before any devices can be enrolled, each device user must have an authentic user account recognized by
Workspace ONE UEM powered by AirWatch. The type of user authentication you select depends upon the needs of your organization.
Basic User Authentication You can use Basic Authentication to identify users in the Workspace ONE UEM architecture but this method offers no integration to existing corporate user accounts.
Active Directory with LDAP Authentication Active Directory (AD) with Lightweight Directory Access Protocol (LDAP) authentication is used to integrate user and admin accounts of Workspace ONE UEM with existing corporate accounts.
Active Directory with LDAP Authentication and VMware Enterprise Systems Connector The Active Directory with LDAP authentication and VMware Enterprise Systems Connector provides the same functionality as traditional AD & LDAP authentication. This model functions across the cloud for Software as a Service (SaaS) deployments.
Authentication Proxy The authentication proxy delivers directory services integration across the cloud or across hardened internal networks. In this model, the Workspace ONE UEM server communicates with a publicly facing Web server or an Exchange ActiveSync Server. This arrangement authenticates users against the domain controller.
SAML 2.0 Authentication The Security Assertion Markup Language (SAML) 2.0 Authentication offers single sign-on support and federated authentication. Workspace ONE UEM never receives any corporate credentials.
Token-Based Authentication The Token-based authentication offers the easiest way for a user to enroll their device. With this enrollment setting, Workspace ONE UEM generates a token, which is placed within the enrollment URL.
Enable Security Types for Enrollment After Workspace ONE UEM is integrated with a selected user security type and before enrollment, enable each authentication mode you plan to allow.