In the AirWatch Console:

1. Click Getting Started
2. Expand Getting Started
3. Click Workspace ONE
4. Click the + on the Setup header if it is collapsed
5. Click Configure for the Enterprise Connector & Directory section

1. Enter "controlcenter.corp.local" for the Server.
2. Select None for the Encryption Type.
3. Enter "389" for the Port.
4. Enter "3" for Protocol Version.

1. Scroll down to find the Binding Information section.
2. Select GSS-NEGOTIATE for the Bind Authentication Type.
3. Enter "corp\administrator" for the Bind Username.
4. Enter "VMware1!" for the Bind Password.
5. Enter "corp.local" for the Domain.
6. Click Save.

1. Click Test Connection.
2. Confirm the Connection successful with the given Servername, Bind Username and Password message appears.
3. Click Continue.

1. Enter your Tenant URL in the Tenant URL field.  
   NOTE - Details on retrieving your Tenant URL were listed in the Login to the VMware Identity Manager Console section, please return to that step if you do not remember your Tenant URL.
   NOTE - Please ensure that there is no trailing slash at the end of your Tenant URL to avoid any connection issues.
2. Enter "Administrator" for the Username.
3. Enter "VMware1!" for the Password.
4. Click Test Connection and ensure the Test connection successful! prompt displays.
5. Click Continue.

1. Select Yes for Do you want to use AirWatch to authenticate users?
2. Click Save.
   NOTE - The Save process may take several seconds to complete, please be patient.  The Finish button will become clickable once the process finishes.
3. Click Finish.

Advanced Directory Services configurations will need to be made for the purpose of this lab.

1. Click Groups & Settings .
2. Click All Settings.

1. Click System.
2. Expand Enterprise Integration.
3. Click Directory Services.
4. Click the Group tab.
5. Enter "container" for the Organizational Unit Object Class.
6. Expand Advanced.

1. Scroll down to the bottom of the page.
2. Click the Pencil (Edit) icon next to the Organizational Unit field.  This allows the Organizational Unit field to be edited.
3. Enter "cn" for the Organizational Unit.
4. Click Save.
5. Click Test Connection.
6. Confirm the Connection successful with given Servername, Bind Username and Password message appears.

Click Close in the top right corner.

1. Select Organizational Unit for the External Type.
2. Enter "Users" for the Search Text.
3. Click Search.
4. Select the Users option under Group Name.
5. Click Save.

Click the Edit (Pencil) button next to the Users user group that was created.

1. You may need to scroll down to the bottom of the menu.
2. Enter "100" for the Maximum Allowable Changes.
3. Enable Add Group Members Automatically.
4. Click Save.

1. Click the Check box next to the Users user group to select it.
2. Click on the Sync button.  This will add all the users in our "Users" group from Active Directory to AirWatch.

Click OK.

1. To view the number of Users synced to the Users user group, you may need to scroll your screen to the right.
2. It may take 45-60 seconds to complete the user sync. Please use the refresh button to check the status.
3. Confirm that you see 5 Users synced for the group.

Return to your VMware Identity Manager Tenant Administration Console.

1. Click Identity & Access Management
2. Click Directories
3. Confirm that you have a second directory besides the System Directory.  If you use the Workspace ONE Getting Started Wizard, this directory will be given a unique name (Company_Directory_{GroupID}).  This newly synced directory should contain 1 domain, 1 synced group and 2 synced users.  Confirm you see the same for your directory.

If your domain and users do not exist within VMware Identity Manager, you can force a re-sync to occur from the AirWatch Console.  If this step is needed, return to the AirWatch Console and navigate to Groups & Settings > All Settings.

1. Click System
2. Click Enterprise Integration
3. Click VMware Identity Manager
4. Scroll down to the bottom of the VMware Identity Manager settings page
5. Click Sync Now.  Note that this re-sync action is limited by a timer once used, so you'll need to wait before being allowed to issue a manually re-sync should you use it.