You can enroll users automatically by integrating with an existing directory service. It eliminates the need of having to add users manually to the Workspace ONE UEM.
Every directory user you want to manage through Workspace ONE UEM must have a corresponding user account in the UEM console.
You can directly add your existing directory services users to Workspace ONE UEM using one of the following methods.
For more information regarding syncing of account statuses, see the section documented on this page entitled Directory User Status Syncing.
When you make users inactive in your directory service, it impacts the corresponding Workspace ONE UEM and Workspace ONE Express account in a similar way but only assuming these prerequisite conditions.
You must create accounts for each user in the Workspace ONE UEM system and directory users authenticate using your existing corporate credentials.
This topic details creating user accounts one at a time. To create user accounts in bulk, see the section titled Batch Import Users and Devices in Batch Import Feature.
In the General tab, complete the following settings to add a directory user.
| Setting | Description |
|---|---|
| Security Type | Add an Active Directory user by choosing Directory as the Security Type. |
| Directory Name | This pre-populated setting identifies the Active Directory name. |
| Domain | Choose the domain name from the drop-down menu. |
| User name | Enter the user’s directory user name and select Check User. If the system finds a match, the user’s information is automatically populated. The remaining settings in this section are only available after you have successfully located an active directory user with the Check User button. |
| Full Name | Use Edit Attributes to allow any option that syncs a blank value from the directory to be edited. Edit Attributes also enables you to populate matching user’s information automatically. If a setting syncs an actual value from the directory, then that setting must be edited in the directory itself. The change takes effect on the next directory sync. Complete any blank option returned from the directory in Full Name and select Edit Attributes to save the addition. |
| Display Name | Enter the name that displays in the admin console. |
| Email Address | Enter or edit the user’s email address. |
| Email user name | Enter or edit the user’s email user name. |
| Domain (email) | Select the email domain from the drop-down menu. |
| Phone Number | Enter the user’s phone number including plus sign, country code, and area code.If you intend to use SMS to send notifications, the phone number is required. |
| Enrollment | |
| Enrollment Organization Group | Select the organization group into which the user enrolls. |
| Allow the user to enroll into additional Organization Groups | Choose whether or not to allow the user to enroll into more than one organization group. If you select Enabled, then complete the Additional Organization Groups. |
| User Role | Select the role for the user you are adding from this drop-down menu. |
| Notification | |
| Message Type | Choose the type of message you can send to the user, Email, SMS, or None. Selecting SMS requires a valid entry in the Phone Number text box. |
| Message Template | Choose the template for emailor SMS messages from this drop-down setting. Optionally, select the Message Preview to preview the template and select the Configure Message Templates link to create a template. |
You can optionally select the Advanced tab and complete the following settings.
| Setting | Description |
|---|---|
| Advanced Info Section | |
| Email Password | Enter the email password of the user you are adding. |
| Confirm Email Password | Confirm the email password of the user you are adding. |
| Distinguished Name | For directory users recognized by Workspace ONE UEM, this text box is pre-populated with the distinguished name of the user. Distinguished Name is a string representing the user name and all authorization codes associated with an Active Directory user. |
| Manager Distinguished Name | Enter the distinguished name of the user’s manager. This text box is optional. |
| Category | Choose the user category for the user being added. |
| Department | Enter the user’s department for your company’s administrative purposes. |
| Employee ID | Enter the user’s employee ID for your company’s administrative purposes. |
| Cost Center | Enter the user’s cost center for your company’s administrative purposes. |
| Custom Attribute 1–5 (for Directory users only) | Enter your previously configured custom attributes, where applicable. You can define these custom attributes by navigating to Groups & Settings > All Settings > Devices & Users > Advanced > Custom Attributes. Note: Custom attributes can be configured only at Customer organization groups. |
| Certificates Section | |
| Use S/MIME | Enable or deactivate the use of Secure/Multipurpose Internet Mail Extensions (S/MIME). If enabled, you must have an S/MIME-enabled profile and you must upload an S/MIME certificate by selecting Upload. |
| Separate Encryption Certificate | Enable or deactivate the use of a separate encryption certificate. If enabled, you must upload an encryption certificate using Upload. Generally, the same S/MIME certificate is used for signing and encryption, unless a different certificate is expressly being used. |
| Old Encryption Certificate | Enable or deactivate a legacy version encryption certificate. If enabled, you must Upload an encryption certificate. |
| Staging Section | |
| Enable Device Staging | Enable or deactivate the staging of devices. |
If enabled, you must choose between Single User Devices and Multi User Devices.
If Single User Devices, you must select between Standard, where users themselves log in and Advanced, where a device is enrolled on behalf of another user.
See Device Staging for more information.
Select Save to save only the new user or select Save and Add Device to save the new user and proceed to the Add Device page.
