When Workspace ONE Access and Workspace ONE UEM services are integrated, UEM user accounts are synchronized from the UEM console to the Workspace ONE Access console to enable Workspace ONE UEM users single sign-on access to the Intelligent Hub app and their app resources without requiring reauthentication.
In the Workspace ONE UEM console, you can set up either Active Directory-based account access to user accounts, or you can create basic user accounts that are not integrated to your directory service. When you integrate with the Workspace ONE Access service, you select which type of user accounts to sync to the Workspace ONE Access service.
In the Workspace ONE Access console, you create a directory and specify the connection details. This includes the following tasks.
- Selecting the user attributes that you want include and mapping these attributes to attributes used in our enterprise directory.
- Specifying the users and groups to sync.
- Syncing the users and groups to the directory.
See the Directory Integration with Workspace ONE Access guide for detailed information about configuring a directory in the Workspace ONE Access service.
In addition, you can also use third-party identity providers such as Okta and Ping to provide single sign-on authentication to the Intelligent Hub app. See Third-Party Identity Providers as an Application Source for more information.