Configure an Identity Source for Workspace ONE Access

To enable identity and access management in the SDDC, you integrate your Active Directory with Workspace ONE Access and configure attributes to synchronize users and groups.
  1. In a web browser, log in to Workspace ONE Access by using the administration interface (https://<wsa_fqdn>/admin) with the configadmin user of the System Domain.
  2. On the main navigation bar, click Identity and access management.
  3. Click the Directories tab, and from the Add directory drop-down menu, select Add Active Directory over LDAP/IWA.
  4. On the Add directory page, configure the following settings, click Test connection, and click Save and next.
     Directory name: Enter a name for the directory. For example, sfo.rainpole.io.
     Active Directory over LDAP: Selected
     Sync connector: Select the FQDN of vidm-primary.
     Do you want this connector to also perform authentication?: Yes
     Directory search attribute: SAMAccountName
     This Directory requires all connections to use STARTTLS (Optional): If you want to secure communication between Workspace ONE Access and Active Directory, select this option and paste the Root CA certificate in the SSL Certificate box.
     Base DN: Enter the Base Distinguished Name from which to start user searches. For example, cn=Users,dc=sfo,dc=rainpole,dc=io.
     Bind DN: Enter the DN of the user that connects to Active Directory. For example, cn=svc-wsa-ad,ou=Service Accounts,dc=sfo,dc=rainpole,dc=io.
     Bind user password: Enter the password for the Bind user. For example, svc-wsa-ad_password.
  5. On the Select the domains page, review the domain name and click Next.
  6. On the Map user attributes page, review the attribute mappings and click Next.
  7. On the Select the groups (users) you want to sync page, enter the distinguished name of the folder containing your groups (for example, OU=Security Groups,DC=sfo,DC=rainpole,DC=io) and click Select.
  8. For each Group DN you want to include, select the group that Workspace ONE Access uses for each of the roles, click Save, and then click Next.
     Product: Role assigned via group
     Workspace ONE Access: Super Admin, Directory Admin, ReadOnly Admin
     vRealize Suite Lifecycle Manager: VCF Role, Content Admin, Content Developers
  9. On the Select the Users you would like to sync page, enter the distinguished name of the folder containing your users (for example, OU=Users,DC=sfo,DC=rainpole,DC=io) and click Next.
  10. On the Review page, click Edit, from the Sync frequency drop-down menu select Every 15 minutes, and click Save.
  11. To initialize the directory import, click Sync directory.
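The values typed into the Add directory page and the group-to-role mapping above are easy to get subtly wrong (a DN from the wrong domain, STARTTLS selected without a Root CA certificate, one group reused for two admin roles), and the product's Test connection only tells you whether the bind succeeded. The following pre-flight checker is an added example, not VMware code and not part of the original page: it parses each DN, verifies that the Base DN, Bind DN, group OU and user OU all belong to the domain named by the directory name, requires a PEM certificate whenever STARTTLS is selected, and checks that every role is backed by a distinct group inside the synced group OU. The sample values are the ones from the procedure; the Root CA text is a constructed placeholder, and the DN parser is a deliberately simplified reading of RFC 4514 (escaped commas only).

```python
"""Pre-flight checks for Workspace ONE Access directory settings (added example).

Pure standard library so it runs offline; it never contacts Active Directory and
never sees the bind password. Run check_settings() and check_role_groups() on the
values you intend to enter before clicking Test connection.
"""
import re
from dataclasses import dataclass

# Constructed placeholder: only the PEM framing is checked, not the certificate body.
SAMPLE_ROOT_CA = (
    "-----BEGIN CERTIFICATE-----\n"
    "PLACEHOLDER-ROOT-CA-BODY\n"
    "-----END CERTIFICATE-----\n"
)

_RDN = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)=(.+)$")


@dataclass
class DirectorySettings:
    """Fields of the Add directory page that this checker validates."""
    directory_name: str          # e.g. sfo.rainpole.io
    base_dn: str                 # where user searches start
    bind_dn: str                 # service account used for the LDAP bind
    group_dn: str                # OU holding the groups to sync (step 7)
    user_dn: str                 # OU holding the users to sync (step 9)
    require_starttls: bool = True
    root_ca_pem: str = ""


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; commas escaped with '\\' stay in the value."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        m = _RDN.match(part.strip())
        if not m:
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((m.group(1).lower(), m.group(2)))
    return rdns


def domain_components(dn):
    """Return the dc= values of a DN, lower-cased, in the order written."""
    return [v.lower() for a, v in parse_dn(dn) if a == "dc"]


def is_under(child_dn, parent_dn):
    """True when child_dn lies strictly inside parent_dn (case-insensitive RDN match)."""
    child = [(a, v.lower()) for a, v in parse_dn(child_dn)]
    parent = [(a, v.lower()) for a, v in parse_dn(parent_dn)]
    return len(child) > len(parent) and child[-len(parent):] == parent


def check_settings(s):
    """Return a list of problems; an empty list means the form is ready for Test connection."""
    problems = []
    expected_dc = s.directory_name.lower().split(".")
    for label, dn in (("Base DN", s.base_dn), ("Bind DN", s.bind_dn),
                      ("Group DN", s.group_dn), ("User DN", s.user_dn)):
        try:
            dcs = domain_components(dn)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            continue
        if dcs != expected_dc:
            problems.append(f"{label}: domain components {dcs} do not match "
                            f"directory name {s.directory_name}")
    if s.require_starttls and "BEGIN CERTIFICATE" not in s.root_ca_pem:
        problems.append("STARTTLS selected but no Root CA certificate pasted in the SSL Certificate box")
    if not s.require_starttls:
        problems.append("STARTTLS not selected: the bind credentials and directory data cross the network unencrypted")
    return problems


def check_role_groups(role_groups, group_ou_dn):
    """Each role must map to a group inside the synced group OU, and no group may back two roles."""
    problems = []
    seen = {}
    for role, gdn in role_groups.items():
        if not is_under(gdn, group_ou_dn):
            problems.append(f"{role}: group {gdn} is outside the synced group OU {group_ou_dn}")
        key = gdn.lower()
        if key in seen:
            problems.append(f"{role} and {seen[key]} share the group {gdn}; use one group per role")
        seen.setdefault(key, role)
    return problems


if __name__ == "__main__":
    settings = DirectorySettings(
        directory_name="sfo.rainpole.io",
        base_dn="cn=Users,dc=sfo,dc=rainpole,dc=io",
        bind_dn="cn=svc-wsa-ad,ou=Service Accounts,dc=sfo,dc=rainpole,dc=io",
        group_dn="OU=Security Groups,DC=sfo,DC=rainpole,DC=io",
        user_dn="OU=Users,DC=sfo,DC=rainpole,DC=io",
        root_ca_pem=SAMPLE_ROOT_CA,
    )
    # Constructed group names; the page only names the roles, not the groups.
    roles = {
        "Super Admin": "cn=wsa-super-admins,OU=Security Groups,DC=sfo,DC=rainpole,DC=io",
        "Directory Admin": "cn=wsa-directory-admins,OU=Security Groups,DC=sfo,DC=rainpole,DC=io",
        "ReadOnly Admin": "cn=wsa-readonly-admins,OU=Security Groups,DC=sfo,DC=rainpole,DC=io",
    }
    for p in check_settings(settings) + check_role_groups(roles, settings.group_dn):
        print("PROBLEM:", p)
```

The checker deliberately leaves STARTTLS on by default and reports a problem when it is off, because the page marks the option as optional while the bind password and every synchronized attribute travel over that connection; the group check enforces the one-group-per-role hygiene that makes the Super Admin, Directory Admin and ReadOnly Admin roles auditable in Active Directory.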