After you complete the VMware Identity Services wizard in the Workspace ONE console, provision users from your identity provider to Workspace ONE. As a best practice, provision a few users at first to test the integration.

When you provision users, they are first provisioned to VMware Identity Services, and then provisioned automatically from VMware Identity Services to the Workspace ONE services you selected, such as Workspace ONE Access and Workspace ONE UEM.


Make sure that all the users that you want to provision to VMware Identity Services have values for the SCIM user attributes required by VMware Identity Services. See User Attribute Mapping for VMware Identity Services for the list of required attributes.


  1. (Azure AD integration) Follow these steps to provision users and groups from Azure AD.
    1. In the Azure Active Directory admin center, navigate to the Enterprise applications page and search for the provisioning app that you created.
    2. On the Overview page of the app, under Getting Started, click the Assign users and groups link.
    3. Click + Add user/group.
    4. In the Add Assignment page, under Users and groups, click the None selected link.
    5. In the Users and groups pane, search for and select users and groups to provision, then click Select.
    6. In the Add Assignment page, click Assign.
    7. From the Manage menu, select Provisioning, and click Start Provisioning.
      The users and groups that you selected will be provisioned after the fixed provisioning interval set by Azure AD. See the Azure AD documentation for more information.
    8. To provision a few users immediately for testing purposes, click Provision on demand.
      The View provisioning details section displays the message "Provisioning interval (fixed) is 40 minutes."
    9. In the Select a user or group text box, search for and select the users to provision immediately, then click Provision.
  2. (SCIM 2.0 Identity Provider integration) Follow your identity provider documentation to provision users and groups.
    Consider the following:
    • Provision a few users at first to test the integration.
    • If your identity provider has a long provisioning interval, look for an option to provision immediately so that you can test the integration without waiting for the next provisioning time.
    • Check your identity provider documentation for information about how to provision users and groups. In some identity providers, provisioning a group might not automatically provision the users.

      For example, in Okta, you must first assign the group to the provisioning app, which provisions the users in the group but not the group itself, then use the Push Groups command to push the group.

What to do next

Verify that the test users and groups are successfully provisioned to VMware Identity Services and Workspace ONE services.