Directory Services Integration and Identity Manager User Sync
In this chapter, you will set up Active Directory Services to work with AirWatch MDM. You should have closed the RDP connection and returned to the main console desktop. From here, open the AirWatch console, which you should have authenticated to on this server before installing the ACC. If you haven't yet opened the console, please do so now by following the instructions in "Login to the AirWatch Console".
1. Selecting Directory Services
You should still be logged in to the AirWatch Console on the Control Center. Click on “Groups & Settings” in the far left-hand menu, then click on “All Settings” in the secondary menu.
- Under System, click "Enterprise Integration" in the left-hand menu to expand it.
- Click “Directory Services”.
- Click the "Skip wizard and configure manually" link.
2. Server Setup
Configure the "Server" section of Directory Services:
- Type the name of the AD server, which is "controlcenter.corp.local".
- Confirm that the "Encryption Type" is "None".
- Change the "Port" to "389".
- Change the "Protocol Version" to "3".
- Change the "Bind Authentication Type" to "GSS-NEGOTIATE".
- Enter the Bind Username, which is "corp\administrator".
- Enter the Bind Password, which is "VMware1!".
- Enter "corp.local" in the "Domain" field.
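The Server values above are lab settings, and the same password is set again for the vIDM admin in step 6. The following check is an added example, not part of the original lab guide or of AirWatch; it flags what would have to change before a binding like this is reused outside the lab. The dictionary keys, the "SSL" and "Start TLS" option names, the `svc-airwatch-sync` account and the placeholder secrets are assumptions.

```python
# Added example: lint the directory binding typed in steps 2 and 6 of this lab.
# The dict keys are hypothetical names for the console fields, not an AirWatch API.
LAB = {
    "encryption": "None", "port": 389, "protocol_version": 3,
    "bind_auth": "GSS-NEGOTIATE", "bind_user": r"corp\administrator",
    "bind_password": "VMware1!", "vidm_admin_password": "VMware1!",
}

# Constructed hardened variant: the "SSL" option name, the service account and
# both placeholder secrets are assumptions, not values from the lab.
HARDENED = dict(
    LAB, encryption="SSL", port=636, bind_user=r"corp\svc-airwatch-sync",
    bind_password="<unique-secret-1>", vidm_admin_password="<unique-secret-2>",
)

# Standard LDAP and global catalog ports for each transport.
STANDARD_PORTS = {
    "None": {389, 3268}, "Start TLS": {389, 3268}, "SSL": {636, 3269},
}

def audit(cfg):
    """Return the sorted finding codes for one binding configuration."""
    findings = set()
    enc = cfg["encryption"]
    if enc == "None":
        # No TLS: protection rests on whatever the bind mechanism negotiates.
        findings.add("NO_TLS")
    if cfg["port"] not in STANDARD_PORTS.get(enc, {cfg["port"]}):
        findings.add("PORT_ENCRYPTION_MISMATCH")
    if cfg["bind_auth"] == "GSS-NEGOTIATE" and cfg["protocol_version"] < 3:
        # SASL mechanisms such as GSS-based binds were introduced with LDAPv3.
        findings.add("SASL_NEEDS_LDAPV3")
    # Accept both DOMAIN\user and user@domain forms of the bind username.
    account = cfg["bind_user"].rsplit("\\", 1)[-1].split("@", 1)[0].lower()
    if account == "administrator":
        # Directory sync only reads users and groups; a domain admin is excess.
        findings.add("PRIVILEGED_BIND_ACCOUNT")
    if cfg["bind_password"] == cfg["vidm_admin_password"]:
        findings.add("SHARED_PASSWORD")
    return sorted(findings)

if __name__ == "__main__":
    print("lab:     ", audit(LAB))
    print("hardened:", audit(HARDENED))
```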
3. User Setup
4. Group Setup
- Click on the "Group" tab at the top of the page.
- Enter the Group Base DN as "dc=corp,dc=local".
- Enter "container" in the "Organizational Unit Object Class" field.
- Expand the "ADVANCED" option by clicking on the arrow.
- Click on the pencil icon on the "Organizational Unit" line.
- Enter "cn" in the "Organizational Unit" field.
- Click Save
- Click Test Connection
- Close the "Settings" page by clicking on the "X" in the upper right corner
5. vIDM Tenant information e-mail
You should have received an email titled ‘SE Workshop | vIDM Tenant Information’ with steps to set up your vIDM tenant. This email is sent to the account you use to sign in to VLP. In the e-mail, note your:
- Tenant URL: This should be in the format https://FirstNameLastName4digits.vmwareidentity.com. You will use this URL to access your vIDM tenant admin console.
- Admin Username: This should be in the format FirstNameLastName4digits. You will use this admin account to log into your vIDM tenant admin console.
- Admin Password setup: You will use this link to reset your vIDM admin password in the next step.
6. Setting up VMware Identity admin password
Note: You must complete this step on a device outside of the lab environment, as you won't be able to access your email from the server. You can use your smartphone or laptop computer.
Click the Admin Password setup link to set a password for your tenant.
- Type "VMware1!" in the New Password field.
- Type "VMware1!" in the Confirm Password field.
- Click "Change Password".
Now you should return to your lab environment.
7. Open the VMware Identity Manager Console
The following steps should be completed in the lab environment.
- Click + to open a new tab in Firefox
- Enter the URL of your Identity Manager instance. The URL is in the email that was sent to you when you started the lab. It has the format "https://{first name last name #}.vmwareidentity.com", where the section in {} is your first name, then your last name, then a random 4-digit number.
8. Login to VMware Identity Manager
9. Navigate to Identity & Access Management Setup
- Click Identity & Access Management
- Click Setup
10. Ignore the warning message
11. Edit User Attributes
- Click User Attributes
- Check the check box for "userPrincipalName"
- Check the check box for "distinguishedName"
- Click Save
14. Open the VMware Identity Manager Settings
15. Navigate to the Server Settings
Click Configure in the "Server" box
16. Configure the Server Settings
To configure the settings on this page you will need access to the email that was sent to you when you started this workshop. The contents of the email will be formatted as follows:
-----
Hello,
You have been generated a vIDM tenant with the following details:
- Tenant Name: {tenant name}
- Tenant URL: {tenant name}.vmwareidentity.com
- Tenant Admin Username: {tenant name}
Please follow the link to setup your password for your Admin user (justinsheets1) for your vIDM tenant: {reset URL}.
Please note that you will not be able to log into your vIDM tenant using the above Admin user until you setup your password using the above link!
-----
- Enter the IDM Tenant URL from the email in the "URL" field
- Enter the Tenant Admin Username from the email in the "Admin Username" field
- Enter the password that you created after you clicked on the password reset URL in the "Admin Password" field
- Click Test Connection; you should receive a "Test is successful" message
- Click Next
17. Directory Configuration
- Enter "corp.local" in the "Directory" field
- Click Save
19. Navigate to Directories
22. Search for a User Group
- Select Organizational Unit in the "External type" dropdown
- Type "Users" in the "Search Text" field
- Click Search
24. Edit the new User Group
Click the Pencil icon for the new "Users" user group.