Directory Services Integration and Identity Manager User Sync

In this chapter, you will setup Active Directory Services to work with AirWatch MDM. You should have closed the RDP connection and returned to the main console desktop. From here you will pull up the AirWatch console which you should have authenticated to on this server prior to installing the ACC. If you haven't yet opened the console, please do so now by following the instructions in "Login to the AirWatch Console".

1. Selecting Directory Services

Selecting Directory Services

You should still be logged in to the AirWatch Console on the Control Center. Click on “Groups & Settings” in the far left-hand menu then click on “All Settings” in the secondary menu.

  1. Under System, click  "Enterprise Integration" in the left-hand menu to expand it.
  2. Click  “Directory Services”.
  3. Click the "Skip wizard and configure manually" link.

2. Server Setup

Server Setup

Configure the "Server" section of Directory Services

  1. Type the name of the AD Server which is "controlcenter.corp.local"
  2. Confirm that the "Encryption Type" is "None"
  3. Change the "Port" to "389".
  4. Change the "Protocol Version" to "3".
  5. Change the Bind Authentication Type to "GSS-NEGOTIATE"
  6. Enter the Bind Username  which is "corp\administrator"
  7. Enter the Bind Password which is "VMware1!".
  8. Enter "corp.local" in the "Domain" field.

3. User Setup

User Setup

Configure the "User" settings as follows:

  1. Click on the "User" tab at the top of the page.
  2. Enter the Base DN for the users as "dc=corp,dc=local".

4. Group Setup

Group Setup
  1. Click on the "Group" tab at the top of the page.
  2. Enter the Group Base DN as "dc=corp,dc=local".
  3. Enter container in the "Organizational Unit Object Class" field.
  4. Expand the "ADVANCED" option by clicking on the arrow.
  5. Click on the pencil icon on the "Organizational Unit" line.
  6. Enter cn in the "Organizational Unit" field.
  7. Click Save
  8. Click Test Connection
  9. Close the "Settings" page by clicking on the "X" in the upper right corner

5. vIDM Tenant information e-mail

You should have received an email titled ‘SE Workshop | vIDM Tenant Information’ with steps to setup your vIDM tenant.  This email is sent to the account you use to sign into VLP. In the e-mail, notice your:

  1. Tenant URL: This should be in the format https://FirstNameLastName4digits.vmwareidentity.com. You will use this URL to access your vIDM tenant admin console.
  2. Admin Username: This should be in the format FirstNameLastName4digits. You will use this admin account to log into your vIDM tenant admin console.
  3. Admin Password setup: You will use this link to reset your vIDM admin password in the next step.

6. Setting up VMware Identity admin password

Setting up VMware Identity admin password

Note - You must complete this step on a device outside of the lab environment as you won't be able to access your email from the server.   You can use your smart phone or laptop computer.

Click the Admin Password setup link to set a password for your tenant.

  1. Type "VMware1!" in the New Password field.
  2. Type "VMware1!" in the Confirm Password field.
  3. Click "Change Password".

Now you should return to your lab environment.

7. Open the VMware Identity Manager Console

Open the VMware Identity Manager Console

The following steps should be completed in the lab environment.

  1. Click + to open a new tab in Firefox
  2. Enter the URL of your Identity Manager instance.   The URL is in the email that  was sent to you when you started the lab.   It will have the format of "https://{first name last name #}.vmwareidentity.com" where the section in the {} will be your first name then last name then a random 4 digit number.

8. Login to VMware Identity Manager

Login to VMware Identity Manager
  1. Enter your username in the "username" field.   Your VMware Identity Manager username is in the email that was sent to you when you started the lab.
  2. Enter your password in the "password" field.   This is the password you set earlier in the lab when you clicked on the link in the email.
  3. Click Sign in

9. Navigate to Identity & Access Management Setup

  1. Click Identity & Access Management
  2. Click Setup

10. Ignore the warning message

Ignore the warning message

You might see a warning message regarding missing Connector. Ignore that for now as we will adding that in a later section.

11. Edit User Attributes

  1. Click User Attributes
  2. Check the check box for "userPrincipalName"
  3. Check the check box for "distinguishedName"
  4. Click Save

12. Switch to the AirWatch Console

Switch to the AirWatch Console

In the browser, click on the AirWatch tab

13. Navigate to All Settings

Navigate to All Settings
  1. Click Groups & Settings
  2. Click All Settings

14. Open the VMware Identity Manager Settings

Open the VMware Identity Manager Settings
  1. Click System
  2. Click Enterprise Integration
  3. Click VMware Identity Manager

15. Navigate to the Server Settings

Click Configure in the "Server" box

16. Configure the Server Settings

To configure the settings on this page you will need access to the email that was sent to you when you started this workshop.   The contents of the email will be formatted as follows:

-----

Hello,

You have been generated a vIDM tenant with the following details:

  • Tenant Name: {tenant name}
  • Tenant URL: {tenant name}.vmwareidentity.com
  • Tenant Admin Username: {tenant name}

Please follow the link to setup your password for your Admin user (justinsheets1) for your vIDM tenant: {reset URL}.

Please note that you will not be able to log into your vIDM tenant using the above Admin user until you setup your password using the above link!

-----

  1. Enter the IDM Tenant URL from the email in the "URL" field
  2. Enter the Tenant Admin Username from the email in the "Admin Username" field
  3. Enter the password that you created after you clicked on the password reset URL in the "Admin Password" field
  4. Click Test Connection, you should receive a "Test is successful" message
  5. Click Next

 

17. Directory Configuration

  1. Enter corp.local in the "Directory" field
  2. Click Save

18. Switch to VMware Identity Manger Console

Switch to VMware Identity Manger Console

Click on the "VMware Workspace One" tab

19. Navigate to Directories

Navigate to Directories
  1. Click Identity & Access Management
  2. Click Directories

Confirm that the "corp.local" Directory has been added.

20. Switch to the AirWatch Console

Switch to the AirWatch Console

In the browser, click on the AirWatch tab

21. Navigate to User Groups

Navigate to User Groups
  1. Click Groups & Settings
  2. Click Groups
  3. Click User Groups
  4. Click Add

22. Search for a User Group

  1. Select Organizational Unit in the "External type" dropdown
  2. Type "Users" in the "Search Text" field
  3. Click Search

23. Select the "Users" User Group

Select the "Users" User Group
  1. Select Users from the list that is returned
  2. Click Save

24. Edit the new User Group

Click the Pencil icon for the new "Users" user group.

25. Add Group Members Automatically

Add Group Members Automatically
  1. Change the "Maximum Allowable Changes" to 100
  2. Check the check box for "Add Group Members Automatically"
  3. Click Save

26. Sync AD Users

Sync AD Users
  1. Check the box next to the pencil icon.
  2. Click on the Sync icon.   This will add all the users in AD to AirWatch.

27. Acknowledge Sync

Acknowledge Sync

Click OK.

0 Comments

Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.