Add Active Directory with integrated Windows authentication

You can use VMware Aria Suite Lifecycle to create a directory of the Active Directory with integrated Windows authentication type when you plan to connect to a multi-domain Active Directory environment. The connector binds to Active Directory by using Integrated Windows Authentication (IWA).
Verify that you have the required user credentials to add a directory: a domain account that can join the connector to the domain, and a bind user that can read the users and groups you intend to sync.
  1. Click Identity and Tenant Management on the My Services dashboard.
  2. On the Directory Management tab, click Directories.
  3. Click +Add Directory and then click Add Active Directory Over IWA.
  4. On the Directory Detail tab, complete the following fields:
     Directory Information: Enter a valid Directory Name.
     Directory Sync and Authentication: Select the connector to sync with Active Directory. The connector is a VMware Workspace ONE Access service component that synchronizes user and group data between Active Directory and the VMware Workspace ONE Access service, and that authenticates users. Each VMware Workspace ONE Access appliance node contains a default connector component. If necessary, a dedicated connector can also be deployed through a global environment scale-out.
     Authentication Enabled: Indicate whether the selected connector also performs authentication. If you are using a third-party identity provider to authenticate users, click No.
     Directory Search Attribute: Select a search attribute from the drop-down menu.
     Certificates: If your Active Directory requires access over SSL/TLS, select the Directory requires all connections to use STARTTLS check box in the Certificates section, and copy and paste the domain controllers' Intermediate (if used) and Root CA certificates into the SSL Certificate text box. Enter the Intermediate CA certificate first, then the Root CA certificate. Ensure that each certificate is in PEM format and includes the BEGIN CERTIFICATE and END CERTIFICATE lines. If the domain controllers have certificates from multiple Intermediate and Root Certificate Authorities, enter all the Intermediate-Root CA certificate chains, one after the other. If your Active Directory requires access over SSL/TLS and you do not provide the certificates, you cannot create the directory.
     Join Domain Details: Enter the Domain Name, Domain Admin user name, and Domain Password. These credentials are used to join the connector to the domain.
     Bind User Details: Enter the Bind Username and Bind Password of the bind user who has permission to query users and groups for the required domains. Enter the user name as sAMAccountName@domain, where domain is the fully qualified domain name. Use a bind user account with a non-expiring password; when the password expires, directory sync and authentication through this bind stop until the credentials are updated. The bind user needs only read access to the users and groups you intend to sync, so do not use a domain administrator account for it.
  5. Click Create and Next.
     You can now select the domains to associate with the Active Directory connection.
  6. On the Domain Selection Detail tab, select the domains and click Submit and Next.
     The Active Directory with IWA populates the list of domains, and you can select or edit the domains as required.
  7. On the Map Attribute tab, verify that the VMware Workspace ONE Access directory attribute names are mapped to the correct Active Directory attributes, select the required attributes, and click Submit and Next.
  8. On the Group Selection tab, specify the Group DN details and click Next.
     To select groups, click Add Group Distinguished Name, specify one or more group DNs, and select the groups under them. Specify group DNs that are under the Base DN that you entered in the Base DN text box in the Add Directory section. If a group DN is outside the Base DN, users from that DN are synced but cannot log in.
     When you sync a group, any users that do not have Domain Users as their primary group in Active Directory are not synced.
     Select the Sync Nested Group Members option if required. When this option is enabled, all the users that belong directly to the group you select and all the users that belong to nested groups under it are synced when the group is entitled. Note that the nested groups themselves are not synced; only the users that belong to them are synced, and in the VMware Workspace ONE Access directory these users are members of the parent group that you selected for sync. If the Sync Nested Group Members option is disabled, only the users that belong directly to a selected group are synced; users that belong to nested groups under it are not. Disabling this option is useful for large Active Directory configurations where traversing a group tree is resource and time intensive. If you disable this option, ensure that you select all the groups whose users you want to sync.
  9. On the User Selection tab, enter the User DN details and click Next.
     Suite Administrators is the Active Directory user name that acts as the Admin user for the deployed suite products, Logs, and the AD table.
  10. On the Dry Run Check tab, read the Summary.
  11. Click Sync and Complete to start the sync to the directory. The connection to Active Directory is established, and users and group names are synced from Active Directory to the VMware Workspace ONE Access directory.
  12. Click Submit.
  13. To edit, click the Edit icon on the specific Active Directory in the list of Active Directories. New information is appended to the configuration in VMware Workspace ONE Access. Anything you remove by editing is removed only from the VMware Aria Suite Lifecycle inventory, not from VMware Workspace ONE Access.
  14. To delete, click the Delete icon on the specific Active Directory in the list of Active Directories. This deletes the Active Directory only from the VMware Aria Suite Lifecycle inventory, not from VMware Workspace ONE Access.