Directories and Identity Provider Design for Workspace ONE Access

You integrate your enterprise directory with Workspace ONE Access to synchronize users and groups into the service, so that those enterprise users can be granted role-based access to the connected SDDC components.

Directories

Workspace ONE Access has its own concept of a directory, corresponding to Active Directory or LDAP directories in your environment. This internal Workspace ONE Access directory uses attributes to define users and groups. You create one or more directories in the identity and access management service and then synchronize each directory with your corresponding Active Directory or LDAP directory. Workspace ONE Access integrates with the following types of directories:
Supported External Directories in Workspace ONE Access

Active Directory over LDAP
  • Supports connecting to a single Active Directory domain.
  • The native connector binds to Active Directory using simple bind authentication. Because a simple bind sends the bind DN and password in the clear, connect over LDAPS (TLS) and use a dedicated, least-privileged bind account.
  • If you have more than one domain in a forest, you must create a directory for each domain.

Active Directory over Integrated Windows Authentication
  • Supports connecting to a multi-domain or multi-forest Active Directory environment.
  • The native connector binds to Active Directory using Integrated Windows Authentication.
  • The type and number of directories that you create depend on your Active Directory environment (single-domain or multi-domain) and on the type of trust used between domains.
  • In most environments, you create a single directory.

LDAP directory
  • Supports integrating enterprise LDAP directories with Workspace ONE Access.
  • You can integrate only a single-domain LDAP directory.
  • Only OpenLDAP implementations that support paged search queries are supported.
During the integration of Workspace ONE Access, you must:
  • Specify the user attributes that the Workspace ONE Access service requires.
  • Add a directory in Workspace ONE Access of the type that matches your organization's enterprise directory.
  • Map user attributes between your enterprise directory and Workspace ONE Access.
  • Specify the directory users and groups to synchronize, and synchronize them.
  • Establish a synchronization schedule or synchronize on demand.
This design uses Active Directory over LDAP.

Identity Providers and Connectors

Workspace ONE Access synchronizes with the organization's Active Directory by using the native connector component. The users and groups that require access to the SDDC components connected to Workspace ONE Access are synchronized into Workspace ONE Access. In addition, the connector is the default identity provider and authenticates users to the identity and access management service. User credentials are verified against your organization's enterprise directory, but user and group lookups are served from the local Workspace ONE Access directory mirror, so that mirror is only as current as the last synchronization. You can configure high availability for directory synchronization by associating the directory with multiple connector instances.
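The attribute mapping, required-attribute check, differential synchronization into the local directory mirror, and the mirror-backed user lookup at login that the Directories and the Identity Providers and Connectors sections describe, as an added Python example that is not Workspace ONE Access code. The attribute map and required-attribute set are assumed defaults, the directory entries and group memberships are constructed sample data, the LDAP search and bind themselves are left out, and the policy for entries that fail the required-attribute check (keep any earlier copy, skip the new one) is this example's own assumption.

```python
from dataclasses import dataclass, field

# Assumed default mapping (Workspace ONE Access attribute -> Active Directory attribute).
AD_ATTRIBUTE_MAP = {
    "userName": "sAMAccountName",
    "firstName": "givenName",
    "lastName": "sn",
    "email": "mail",
    "userPrincipalName": "userPrincipalName",
    "distinguishedName": "distinguishedName",
}
# Attributes assumed to be marked Required in the service's user attribute list.
REQUIRED_ATTRIBUTES = {"userName", "firstName", "lastName", "email"}

# Constructed sample result of a paged LDAP search of the users container.
SAMPLE_AD_USERS = [
    {"distinguishedName": "CN=Alice Adams,OU=Users,DC=example,DC=com",
     "sAMAccountName": "aadams", "givenName": "Alice", "sn": "Adams",
     "mail": "aadams@example.com", "userPrincipalName": "aadams@example.com"},
    {"distinguishedName": "CN=Bob Brown,OU=Users,DC=example,DC=com",
     "sAMAccountName": "bbrown", "givenName": "Bob", "sn": "Brown",
     "mail": "bbrown@example.com", "userPrincipalName": "bbrown@example.com"},
    # Service account without a mail attribute: fails the required-attribute check.
    {"distinguishedName": "CN=svc-backup,OU=Users,DC=example,DC=com",
     "sAMAccountName": "svc-backup", "givenName": "Backup", "sn": "Service",
     "userPrincipalName": "svc-backup@example.com"},
]
# Constructed sample groups; one member of SDDC-Admins lives outside the synced OU.
SAMPLE_AD_GROUPS = [
    {"cn": "SDDC-Admins",
     "member": ["CN=Alice Adams,OU=Users,DC=example,DC=com",
                "CN=Carol Chen,OU=Contractors,DC=example,DC=com"]},
    {"cn": "SDDC-Operators",
     "member": ["CN=Alice Adams,OU=Users,DC=example,DC=com",
                "CN=Bob Brown,OU=Users,DC=example,DC=com"]},
]


@dataclass
class MirrorDirectory:
    """The local Workspace ONE Access copy of the enterprise directory."""
    users: dict = field(default_factory=dict)   # distinguishedName -> mapped attributes
    groups: dict = field(default_factory=dict)  # group cn -> sorted member userNames


@dataclass
class SyncReport:
    added: list = field(default_factory=list)
    updated: list = field(default_factory=list)
    deleted: list = field(default_factory=list)
    skipped: dict = field(default_factory=dict)             # dn -> reason
    unresolved_members: dict = field(default_factory=dict)  # group cn -> [dn, ...]


def map_user(entry, attribute_map=AD_ATTRIBUTE_MAP, required=REQUIRED_ATTRIBUTES):
    """Rename an AD entry's attributes to the service's names; reject it if a required one is absent."""
    user = {svc_attr: entry[ad_attr]
            for svc_attr, ad_attr in attribute_map.items()
            if entry.get(ad_attr) not in (None, "")}
    missing = sorted(required - user.keys())
    if missing:
        return None, "missing required attribute(s): " + ", ".join(missing)
    return user, None


def sync_users(mirror, ad_entries):
    """Differential sync: add, update or delete mirror users so they match the search result."""
    report = SyncReport()
    present = {entry["distinguishedName"] for entry in ad_entries}
    for entry in ad_entries:
        dn = entry["distinguishedName"]
        user, reason = map_user(entry)
        if user is None:
            # Assumed policy: report the entry, keep any earlier copy, import nothing new.
            report.skipped[dn] = reason
            continue
        previous = mirror.users.get(dn)
        if previous is None:
            report.added.append(user["userName"])
        elif previous != user:
            report.updated.append(user["userName"])
        mirror.users[dn] = user
    # Accounts that disappeared from the enterprise directory are removed from the mirror.
    for dn in [dn for dn in mirror.users if dn not in present]:
        report.deleted.append(mirror.users.pop(dn)["userName"])
    return report


def sync_groups(mirror, ad_groups, report):
    """Resolve membership against the mirror; members that were never synced are dropped and reported."""
    mirror.groups.clear()
    for group in ad_groups:
        members = []
        for member_dn in group.get("member", []):
            if member_dn in mirror.users:
                members.append(mirror.users[member_dn]["userName"])
            else:
                report.unresolved_members.setdefault(group["cn"], []).append(member_dn)
        mirror.groups[group["cn"]] = sorted(members)
    return report


def bind_dn_for_login(mirror, user_name):
    """Login path: the user lookup hits the mirror; only the returned DN is then bound against AD."""
    for dn, user in mirror.users.items():
        if user["userName"].lower() == user_name.lower():
            return dn
    return None


def run_sample_sync():
    mirror = MirrorDirectory()
    report = sync_groups(mirror, SAMPLE_AD_GROUPS, sync_users(mirror, SAMPLE_AD_USERS))
    return mirror, report


if __name__ == "__main__":
    mirror, report = run_sample_sync()
    print(report)
    print(bind_dn_for_login(mirror, "AADAMS"))
```

Running the sample sync imports aadams and bbrown, skips svc-backup for its missing mail attribute, and drops the contractor DN from SDDC-Admins because it was never synchronized; a second run with changed or removed entries produces the corresponding updated and deleted lists, which is the state a login lookup then sees until the next synchronization.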