Sync a Domain to VMware Identity Manager

With the VMware Enterprise Systems Connector installed, we will now use the Workspace ONE Getting Started Wizard to connect AirWatch to our Active Directory and VMware Identity Manager tenant.  We'll then import our corp.local users into AirWatch and sync the corp.local domain and users to our VMware Identity Manager tenant.

1. Configure Directory Services and VMware Identity Manager

Using the Workspace ONE Getting Started Wizard, we'll now configure our Directory Services and VMware Identity Manager settings in order to sync our Active Directory users (corp.local domain) to our VMware Identity Manager tenant.

1.1. Open the Enterprise Connector & Directory Wizard

In the AirWatch Console:

  1. Click Getting Started
  2. Expand Getting Started
  3. Click Workspace ONE
  4. Click the + on the Setup header if it is collapsed
  5. Click Configure for the Enterprise Connector & Directory section

1.2. Configure Active Directory Server Settings

  1. Enter "controlcenter.corp.local" for the Server.
  2. Select None for the Encryption Type.
  3. Enter "389" for the Port.
  4. Enter "3" for Protocol Version.

1.3. Enter the Active Directory Binding Information Settings

  1. Scroll down to find the Binding Information section.
  2. Select GSS-NEGOTIATE for the Bind Authentication Type.
  3. Enter "corp\administrator" for the Bind Username.
  4. Enter "VMware1!" for the Bind Password.
  5. Enter "corp.local" for the Domain.
  6. Click Save.

1.4. Test the Active Directory Connection

  1. Click Test Connection.
  2. Confirm that the "Connection successful with the given Servername, Bind Username and Password" message appears.
  3. Click Continue.

1.5. Enter the VMware Identity Manager Connection Details

  1. Enter your Tenant URL in the Tenant URL field.  
    NOTE - Details on retrieving your Tenant URL were listed in the Login to the VMware Identity Manager Console section. Please return to that step if you do not remember your Tenant URL.
    NOTE - Ensure that there is no trailing slash at the end of your Tenant URL to avoid any connection issues.
  2. Enter "Administrator" for the Username.
  3. Enter "VMware1!" for the Password.
  4. Click Test Connection and ensure the "Test connection successful!" prompt displays.
  5. Click Continue.
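
The values entered in steps 1.2, 1.3 and 1.5 can be reviewed before they are reused outside the lab. The following is an added example, not part of the original lab or of any VMware tooling; the function names and finding codes are hypothetical, and the "SSL" encryption option with port 636 is an assumption about the console's Encryption Type list.

```python
from urllib.parse import urlsplit


def check_directory(encryption, port, bind_user):
    """Return finding codes for the Active Directory server and bind settings."""
    findings = []
    if encryption == "None":
        # With no encryption type selected, the LDAP connection is not wrapped in TLS.
        findings.append("ldap-no-tls")
    elif encryption == "SSL" and port == 389:
        # LDAP over SSL normally listens on 636, not the plain LDAP port (assumed option name).
        findings.append("ldaps-on-plain-port")
    # Accept both DOMAIN\user and user@domain forms of the bind username.
    account = bind_user.split("\\")[-1].split("@")[0].lower()
    if account == "administrator":
        # A directory read/sync bind does not need the built-in administrator account.
        findings.append("privileged-bind-account")
    return findings


def check_tenant_url(url):
    """Return finding codes for the VMware Identity Manager Tenant URL."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append("tenant-url-not-https")
    if not parts.hostname:
        findings.append("tenant-url-no-host")
    if url.endswith("/"):
        # The lab notes that a trailing slash causes connection issues.
        findings.append("tenant-url-trailing-slash")
    elif parts.path or parts.query or parts.fragment:
        findings.append("tenant-url-has-path")
    return findings


if __name__ == "__main__":
    # Lab values from steps 1.2 and 1.3; the tenant URL is a constructed placeholder.
    print(check_directory("None", 389, "corp\\administrator"))
    print(check_tenant_url("https://tenant.example.invalid/"))
```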

1.6. Configure and Save the VMware Identity Manager Settings

  1. Select Yes for Do you want to use AirWatch to authenticate users?
  2. Click Save.
    NOTE - The Save process may take several seconds to complete. The Finish button will become clickable once the process finishes.
  3. Click Finish.

1.7. Open All Settings

Advanced Directory Services configurations will need to be made for the purpose of this lab.

  1. Click Groups & Settings.
  2. Click All Settings.

1.8. Configure the Directory Services Group Settings

  1. Click System.
  2. Expand Enterprise Integration.
  3. Click Directory Services.
  4. Click the Group tab.
  5. Enter "container" for the Organizational Unit Object Class.
  6. Expand Advanced.

1.9. Configure the Organizational Unit

  1. Scroll down to the bottom of the page.
  2. Click the Pencil (Edit) icon next to the Organizational Unit field.  This allows the Organizational Unit field to be edited.
  3. Enter "cn" for the Organizational Unit.
  4. Click Save.
  5. Click Test Connection.
  6. Confirm that the "Connection successful with given Servername, Bind Username and Password" message appears.

1.10. Close the Directory Services Menu

Click Close in the top right corner.

2. Add A New User Group

Next we will create a User Group from our AD users for use within our VMware Identity Manager tenant.

  1. Click Accounts.
  2. Expand User Groups.
  3. Click List View.
  4. Mouse over Add.
  5. Click Add User Group.

2.1. Enter the Users Group Details

  1. Select Organizational Unit for the External Type.
  2. Enter "Users" for the Search Text.
  3. Click Search.
  4. Select the Users option under Group Name.
  5. Click Save.
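
Steps 1.8 and 1.9 matter for this search because the default Users location in Active Directory is a container object (CN=Users), not an organizationalUnit. The following is an added example, not part of the original lab: it evaluates the search against a few constructed entries with both sets of values. The "organizationalUnit"/"ou" pair as the earlier setting and the substring match on the Search Text are assumptions about how the console builds its query.

```python
# Constructed sample: a few objects from a default corp.local domain.
ENTRIES = [
    {"dn": "CN=Users,DC=corp,DC=local",
     "objectClass": ["top", "container"], "cn": "Users"},
    {"dn": "CN=Computers,DC=corp,DC=local",
     "objectClass": ["top", "container"], "cn": "Computers"},
    {"dn": "OU=Domain Controllers,DC=corp,DC=local",
     "objectClass": ["top", "organizationalUnit"], "ou": "Domain Controllers"},
    {"dn": "CN=Domain Users,CN=Users,DC=corp,DC=local",
     "objectClass": ["top", "group"], "cn": "Domain Users"},
]

# RFC 4515 characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(text):
    """Escape special characters so search text cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)


def build_filter(object_class, name_attr, text):
    """LDAP filter for 'objects of this class whose name contains text'."""
    return f"(&(objectClass={object_class})({name_attr}=*{escape_filter_value(text)}*))"


def search(entries, object_class, name_attr, text):
    """Evaluate the same condition as build_filter against in-memory entries."""
    wanted = object_class.lower()
    hits = []
    for entry in entries:
        classes = [c.lower() for c in entry["objectClass"]]
        name = entry.get(name_attr, "")
        if wanted in classes and text.lower() in name.lower():
            hits.append(entry["dn"])
    return hits


if __name__ == "__main__":
    for cls, attr in (("organizationalUnit", "ou"), ("container", "cn")):
        print(build_filter(cls, attr, "Users"), "->", search(ENTRIES, cls, attr, "Users"))
```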

2.2. Edit the User Group

Click the Edit (Pencil) button next to the Users user group that was created.

2.3. Update the User Group Settings

  1. You may need to scroll down to the bottom of the menu.
  2. Enter "100" for the Maximum Allowable Changes.
  3. Enable Add Group Members Automatically.
  4. Click Save.

2.4. Sync AD Users

  1. Click the checkbox next to the Users user group to select it.
  2. Click on the Sync button.  This will add all the users in our "Users" group from Active Directory to AirWatch.

2.5. Acknowledge Sync

Click OK.

2.6. Confirm Sync

  1. To view the number of Users synced to the Users user group, you may need to scroll your screen to the right.
  2. It may take 45-60 seconds to complete the user sync. Please use the refresh button to check the status.
  3. Confirm that you see 5 Users synced for the group.

3. Confirm Sync in VMware Identity Manager Tenant

Upon creating the User Group, our users should be synced to the VMware Identity Manager tenant we integrated with in our AirWatch Console during the Workspace ONE Getting Started Wizard.  We'll review how to confirm the sync within VMware Identity Manager and how to force a re-sync if the users don't appear.

3.1. Validate Sync in VMware Identity Manager Tenant

Return to your VMware Identity Manager Tenant Administration Console.

  1. Click Identity & Access Management
  2. Click Directories
  3. Confirm that you have a second directory besides the System Directory.  If you use the Workspace ONE Getting Started Wizard, this directory will be given a unique name (Company_Directory_{GroupID}).  This newly synced directory should contain 1 domain, 1 synced group and 2 synced users.  Confirm you see the same for your directory.

3.2. Force Re-Sync (IF NEEDED)

If your domain and users do not exist within VMware Identity Manager, you can force a re-sync to occur from the AirWatch Console.  If this step is needed, return to the AirWatch Console and navigate to Groups & Settings > All Settings.

  1. Click System
  2. Click Enterprise Integration
  3. Click VMware Identity Manager
  4. Scroll down to the bottom of the VMware Identity Manager settings page
  5. Click Sync Now.  Note that this re-sync action is limited by a timer once used, so you'll need to wait before you can issue another manual re-sync.
