You can enroll existing users and groups of directory services like Active Directory (AD), Lotus Domino, and Novell e-Directory. If you do not have such an infrastructure or you choose not to integrate with it, you must perform Basic Enrollment in Workspace ONE UEM powered by AirWatch.

Basic enrollment means manually creating user accounts in the UEM console.

Note: While Workspace ONE UEM supports a mix of both Basic and Directory-based users, you typically use one or the other for the initial enrollment of users and devices.

Pros and Cons

Pros Cons

Basic Enrollment

  • Can be used for any deployment method.
  • Requires no technical integration.
  • Requires no enterprise infrastructure.
  • Can enroll into potentially multiple organization groups.
  • Credentials only exist in Workspace ONE UEM and do not necessarily match existing corporate credentials.
  • Offers no federated security.
  • Single sign on not supported.
  • Workspace ONE UEM stores all user names and passwords.
  • Cannot be used for Workspace ONE Direct Enrollment.

Directory Service Enrollment

  • End users authenticate with existing corporate credentials.
  • Detects and syncs changes from the directory system into Workspace ONE UEM automatically. For instance, when you disable users in AD, the corresponding user account in Workspace ONE UEM console is marked inactive.
  • Secure method of integrating with your existing directory service.
  • Standard integration practice.
  • Can be used for Workspace ONE Direct Enrollment.
  • SaaS deployments using the AirWatch Cloud Connector require no firewall changes and offers a secure configuration to other infrastructures, such as Microsoft ADCS, SCEP, and SMTP servers.
  • Requires an existing directory service infrastructure.
  • SaaS deployments require additional configuration due to the AirWatch Cloud Connector being installed behind the firewall or in a DMZ.