Integrating Active Directory and Workspace ONE UEM

In these steps, you will integrate Microsoft AD with Workspace ONE UEM.

This integration is required for the following reasons:

  1. The User Certificate will be generated based on the enrolled user's information.
  2. Workspace ONE UEM will send the certificate request to the Microsoft CA based on a certificate template that requires the user information.
  3. To perform Kerberos authentication, a domain account is required.

  1. Click Groups & Settings.
  2. Click All Settings.

1. VMware Enterprise Systems Connector

In this step, you will enable VMware Enterprise Systems Connector, which acts as a gateway between your devices and internal services such as Microsoft AD, Certificate Authority, SMP Server, etc.

1.1. Enable VMware Enterprise Systems Connector

  1. Click System.
  2. Click Enterprise Integration.
  3. Click VMware Enterprise Systems Connector.
  4. Select Override
  5. Click Enable for VMware Enterprise System Connector
  6. Click Enable Auto Update
  7. Click Save

1.2. Download VMware Enterprise Systems Connector

Click the Download VMware Enterprise Systems Connector Installer link.

A new screen prompts for a password with a minimum of 6 characters. The installer asks for this password when you run it, so that it can import the current settings into the VMware Enterprise Systems Connector server that you are installing.

After you provide the password, the installer is downloaded to your Downloads folder.

1.3. Create a Password for the VMware Enterprise Systems Connector Installer Certificate

  1. Enter VMware1! for the Password.
  2. Enter VMware1! again to confirm the password.
  3. Click Download.

2. Launch the VMware Enterprise Systems Connector

Once the download is finished, click VMware Enterprise Systems Connector Installer.exe to start the installer.

2.1. Run the VMware Enterprise Systems Connector Installer

Click Run when prompted to run this software.

2.2. Begin the VMware Enterprise Systems Connector Installer

Click Next.

2.3. Accept the License Agreement Terms

  1. Select I accept the terms in the license agreement.
  2. Click Next.

2.4. Choose the Program Features to Install

  1. Ensure that the AirWatch Cloud Connector is set to install and that the VMware Identity Manager Connector is not set to install.
  2. Click Next.

2.5. Accept the Default Destination Folder

Accept the default destination folder by clicking Next.

2.6. Enter the Certificate Password

  1. Enter VMware1! for the Certificate Password.
  2. Click Next.

2.7. Disable Outbound Proxy

Leave Outbound Proxy disabled and click Next.

2.8. Begin the Installation Process

Click Install.

2.9. Close the VMware Enterprise Systems Connector Installer

Click Finish.

3. Confirm the VMware Enterprise Systems Connector Installation was Successful

In the Workspace ONE UEM Console:

  1. In the VMware Enterprise Systems Connector settings, scroll down to find the Test Connection button.
  2. Click Test Connection. Ensure the message "VMware Enterprise Systems Connector is active" is displayed.

4. Integrating Microsoft AD and Workspace ONE UEM

To integrate Active Directory with Workspace ONE UEM, navigate to the Directory Services settings.

  1. Click Directory Services under Enterprise Integration.
  2. Click Skip wizard and configure manually.

4.1. Configuring AD - Server Settings

  1. Select Override for Current Settings.
  2. Select Active Directory for Directory Type.
  3. Enter controlcenter.corp.local for Server.
  4. Select NONE for Encryption Type.
  5. Enter 389 for Port.
  6. Enter 3 for Protocol Version.
  7. Select Disabled for Use Service Account Credentials.
  8. Select GSS-Negotiate for Bind Authentication Type.
  9. Enter corp\imaservice for Bind UserName.
  10. Enter VMware1! for Bind Password.
  11. Enter CORP for Domain.
  12. Click the User tab located at the top.

4.2. Configuring AD - User Settings

  1. Select Override for Current Settings.
  2. Click on + next to CORP domain.
  3. Select DC=corp,DC=local.
  4. Click the Group tab.

4.3. Configuring AD - Group Settings

  1. Select Override for Current Settings.
  2. Click on + next to CORP domain.
  3. Select DC=corp,DC=local.
  4. Click Server to return to the Server Settings.

4.4. Testing AD Connection

  1. Scroll down to find the Test Connection button.
  2. Click Test Connection and check for the message "Connection successful with the given server name, bind username, and password."
  3. Click Save.
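
The PowerShell below is an added example, not part of the original guide and not VMware tooling. Run on the connector server, it repeats the Server Settings from 4.1 (server, port 389, protocol version 3, Negotiate bind, base DN) as a direct LDAP bind, which helps separate directory problems from connector problems when Test Connection fails. It also reports whether the domain controller answers on LDAPS; port 636 and the function name Test-DirectoryBind are assumptions of this example.

```powershell
# Added example (not from the guide): direct LDAP bind using the values from 4.1.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-DirectoryBind {
    param(
        [string]$Server,
        [int]$Port,
        [bool]$UseSsl,
        [pscredential]$Credential,
        [string]$BaseDn
    )
    $result = [ordered]@{ Server = $Server; Port = $Port; Ssl = $UseSsl
                          Bound = $false; BaseDnFound = $false; Error = $null }
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    try {
        $conn.SessionOptions.ProtocolVersion = 3            # Protocol Version 3, as in 4.1
        if ($UseSsl) { $conn.SessionOptions.SecureSocketLayer = $true }
        # Negotiate corresponds to the GSS-Negotiate bind type selected in 4.1.
        $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.Credential = $Credential.GetNetworkCredential()
        $conn.Timeout    = New-TimeSpan -Seconds 10
        $conn.Bind()
        $result.Bound = $true

        # Base-scope search: confirms the bind account can read the base DN from 4.2/4.3.
        $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
            $BaseDn, '(objectClass=*)',
            [System.DirectoryServices.Protocols.SearchScope]::Base,
            [string[]]@('distinguishedName'))
        $resp = $conn.SendRequest($req)
        $result.BaseDnFound = ($resp.Entries.Count -eq 1)
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $conn.Dispose()
    }
    [pscustomobject]$result
}

# Prompt for the bind account password instead of storing it in the script.
$cred = Get-Credential -UserName 'corp\imaservice' -Message 'Bind account password'
$dc   = 'controlcenter.corp.local'
$base = 'DC=corp,DC=local'

Test-DirectoryBind -Server $dc -Port 389 -UseSsl $false -Credential $cred -BaseDn $base
Test-DirectoryBind -Server $dc -Port 636 -UseSsl $true  -Credential $cred -BaseDn $base  # 636 is an assumption
```

A row with Bound and BaseDnFound both True on port 389 matches what Test Connection in the console should report; the port 636 row only shows whether an LDAPS listener with a certificate trusted by this server is available.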