Saturday, October 6, 2018

Integrating A Cloud Instance Of Workspace One UEM (AirWatch) With Active Directory

You can integrate an on-premises Active Directory environment with cloud-hosted AirWatch using the AirWatch Cloud Connector (ACC).  The ACC syncs users and groups from the on-premises AD environment into your AirWatch tenant, and it handles AD authentication for AirWatch-managed endpoints.  It runs on a Windows server inside your network and makes only outbound HTTPS connections to the cloud tenant, so no inbound firewall ports need to be opened for it.

While the ACC can handle AD integration for both vIDM and AirWatch, because we're looking to integrate with Horizon, we have to manage vIDM's integration with AD through the vIDM Connector rather than the ACC.  So the ACC deployment in this post focuses only on getting AirWatch integrated with AD.  The next post covers integrating vIDM with AD using the vIDM Connector.

Deploying The AirWatch Cloud Connector

To get the deployment started, log in to your Workspace One UEM console directly from the Windows server you're installing the ACC on.  Once logged in, go to Groups And Settings --> All Settings --> System --> Enterprise Integration --> Cloud Connector.  From there select Override, then select "Enabled" for "Enable AirWatch Cloud Connector."

Next, click the download link for the AirWatch Cloud Connector installer.  You'll be prompted for a certificate password, which protects the connector certificate packaged with the installer and is required again during the install.  It must be at least 6 characters; choose a strong value and store it with your other secrets rather than relying on it being easy to remember.

Then click the download button.  The installer is under 20 MB, so it shouldn't take long to download.  Once it's on the Windows server, start the install.

You'll see the welcome screen.  Click next.

Go ahead and accept the default install folder.

Enter the certificate password you set when downloading the ACC installer.

Leave the outbound proxy option unchecked unless the server must go through a proxy to reach the internet.  Then click Install to proceed with the installation.

When the install completes, you'll see the final installer screen.

Finally, test connectivity from the AirWatch environment to the connector.  In the VMware Enterprise Systems Connector section under Enterprise Integration, beneath the download link, there is a Test button.  If all goes well, clicking it returns the message "AirWatch Cloud Connector is active."
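Before and after running the installer, it helps to confirm from the ACC host itself that the outbound path to the tenant is clean and that the service came up. The following PowerShell is an added example, not part of the original post and not VMware tooling; the tenant hostname is a placeholder, and the connector's Windows service is located by display name, which is assumed to contain "Cloud Connector".

```powershell
# Pre-flight and post-install checks for an AirWatch Cloud Connector host.
# Added example (not from the original post, not VMware tooling). Replace the placeholder below.
$TenantHost = 'cn000.awmdm.com'   # placeholder: the hostname you log in to for the UEM console

function Test-OutboundTls {
    param([string]$TargetHost, [int]$Port = 443)
    # The ACC only talks outbound over HTTPS. If this fails, the fix is an egress rule or the
    # installer's outbound proxy option, never an inbound firewall opening.
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($TargetHost, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($TargetHost)    # throws if the certificate chain does not validate
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Host     = $TargetHost
            Protocol = $ssl.SslProtocol
            Subject  = $cert.Subject
            Issuer   = $cert.Issuer     # a corporate CA here means a TLS-inspecting proxy is in the path
            NotAfter = $cert.NotAfter
        }
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }
}

# 1. Connectivity, and who actually terminates TLS. If Issuer is an internal CA rather than a
#    public one, the connector's traffic is being intercepted; that CA must be trusted by the
#    server (or the proxy bypassed) before the console's Test button can be expected to succeed.
Test-OutboundTls -TargetHost $TenantHost | Format-List

# 2. The machine-wide WinHTTP proxy, which is what the installer's outbound proxy checkbox is about.
netsh winhttp show proxy

# 3. After the installer finishes: the ACC runs as a Windows service and must be running for the
#    console to report "AirWatch Cloud Connector is active". (Display name assumed; adjust if needed.)
Get-Service -DisplayName '*Cloud Connector*' | Select-Object Name, Status, StartType
```

Run step 1 before installing so that a failed console test can be attributed to the connector rather than to egress filtering or a TLS-inspecting proxy; rerun step 3 whenever the console test turns red later on.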

Now, with the AirWatch Cloud Connector in place, we can start to integrate the Workspace One UEM environment with the local Active Directory environment.

Binding To The Local AD Environment

Navigate to Groups And Settings --> All Settings --> System --> Enterprise Integration --> Directory Services.  Select the directory type, then enter the hostname of a domain controller and the port.  Use LDAPS on port 636 rather than plain LDAP on 389 wherever you can, so the bind credentials and every directory query are protected in transit.

After scrolling down, enter the bind user credentials and domain name.  Use a dedicated service account with read-only access to the users and groups you intend to sync, not a domain admin: this account's credentials are used for every directory lookup the tenant performs, so keep its privileges minimal.

Navigate to the User tab and enter a base DN for your users.  Only objects beneath this DN are visible to the tenant, so scope it as narrowly as your enrollment population allows.

Navigate to the Group tab and enter a base DN for your groups.

Finally, test the directory integration by clicking the Test Connection button.  If all goes well, you'll get the message "Connection successful with the given server name, bind user name and password."
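The console's Test Connection button only proves that a bind works; it says nothing about whether the base DNs are right, whether the bind account can actually read them, or whether the account carries more privilege than it should. The following PowerShell is an added example, not from the original post and not VMware tooling, that checks those points from a domain-joined host (the ACC server is a natural choice) using the same values you are about to enter in Directory Services. Every hostname, DN, account and user name in it is a placeholder.

```powershell
# Validate Directory Services settings before entering them in the UEM console.
# Added example (not from the original post, not VMware tooling). All values below are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Server      = 'dc01.corp.example.com'
$Port        = 636                        # LDAPS; 389 sends the bind password in the clear
$BindUser    = 'CORP\svc-airwatch-ldap'   # dedicated, read-only service account
$UserBaseDN  = 'OU=Users,DC=corp,DC=example,DC=com'
$GroupBaseDN = 'OU=Groups,DC=corp,DC=example,DC=com'
$SampleUser  = 'jdoe'                     # an account you intend to add via Accounts --> List View
$Privileged  = 'Domain Admins','Enterprise Admins','Administrators','Account Operators','Schema Admins'

function Connect-Ldap {
    param([string]$Server, [int]$Port, [pscredential]$Credential)
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $Credential.GetNetworkCredential())
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.SessionOptions.SecureSocketLayer = ($Port -eq 636)
    # Simple bind, acceptable only because it runs inside TLS; Negotiate (Kerberos/NTLM) also works.
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.Bind()                             # throws on bad credentials or an untrusted DC certificate
    return $conn
}

function Search-Ldap {
    param($Conn, [string]$BaseDN, [string]$Filter, [string[]]$Attrs, [string]$Scope = 'Subtree')
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
        $BaseDN, $Filter, [System.DirectoryServices.Protocols.SearchScope]$Scope, $Attrs)
    return $Conn.SendRequest($req).Entries
}

function Get-Attr {
    param($Entry, [string]$Name)
    $a = $Entry.Attributes[$Name]
    if ($a) { $a.GetValues([string]) } else { @() }
}

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping, so a value dropped into a filter cannot change the filter's meaning.
    param([string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

if ($Port -ne 636) { Write-Warning "Port $Port is not LDAPS; the bind password will cross the network unencrypted." }
$cred = Get-Credential -UserName $BindUser -Message 'Bind account password'
$conn = Connect-Ldap -Server $Server -Port $Port -Credential $cred
Write-Host "Bind OK as $BindUser to ${Server}:$Port"

# 1. Base DNs: a Base-scope read of each container. A failure also covers the case where the DN
#    exists but the bind account has no right to see it, which matters just as much.
foreach ($dn in $UserBaseDN, $GroupBaseDN) {
    try {
        $null = Search-Ldap $conn $dn '(objectClass=*)' @('distinguishedName') 'Base'
        Write-Host "OK       $dn"
    } catch {
        Write-Warning "Missing or not readable by ${BindUser}: $dn ($($_.Exception.Message))"
    }
}

# 2. The console's Check Name step, done by hand: exactly one user object under the user base DN.
$filter  = "(&(objectClass=user)(sAMAccountName=$(ConvertTo-LdapFilterValue $SampleUser)))"
$entries = @(Search-Ldap $conn $UserBaseDN $filter @('distinguishedName','userPrincipalName','mail'))
if ($entries.Count -eq 1) {
    $e = $entries[0]
    Write-Host "Found $($e.DistinguishedName)  upn=$(Get-Attr $e 'userPrincipalName')  mail=$(Get-Attr $e 'mail')"
} else {
    Write-Warning "Expected 1 match for $SampleUser under $UserBaseDN, got $($entries.Count)"
}

# 3. Least privilege: the bind account should sit in no privileged group, nested membership included
#    (matching rule 1.2.840.113556.1.4.1941 makes the DC walk the group chain for us).
$root   = @(Search-Ldap $conn '' '(objectClass=*)' @('defaultNamingContext') 'Base')[0]
$nc     = @(Get-Attr $root 'defaultNamingContext')[0]
$sam    = ConvertTo-LdapFilterValue ($BindUser.Split('\')[-1])
$bindDN = @(Search-Ldap $conn $nc "(&(objectClass=user)(sAMAccountName=$sam))" @('distinguishedName'))[0].DistinguishedName
$groups = @(Search-Ldap $conn $nc "(member:1.2.840.113556.1.4.1941:=$(ConvertTo-LdapFilterValue $bindDN))" @('sAMAccountName') |
            ForEach-Object { Get-Attr $_ 'sAMAccountName' })
$bad = @($groups | Where-Object { $_ -in $Privileged })
if ($bad.Count) { Write-Warning "Bind account $BindUser is (transitively) a member of: $($bad -join ', ')" }
else            { Write-Host "Bind account $BindUser holds no privileged group membership ($($groups.Count) groups checked)" }

$conn.Dispose()
```

If step 1 warns on a DN that you know exists, the problem is the bind account's read permissions, and the same symptom will show up later as users that cannot be found from the console. If step 3 warns, replace the bind account before going further rather than granting a privileged account to the tenant.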

Now, with the local directory added, go to Accounts --> List View and click Add, then Add User.  You'll be able to add an account from your local AD directory.

Select Directory as the user type, then enter the username of the AD account you'd like to add.

After clicking Check Name, a set of AD attributes from that account is populated automatically.

Click Save.  The imported AD account now shows up under Users in List View.

You can further test the integration by enrolling a device with the domain user's credentials.  Here's a screenshot from the enrollment process on my iPad.

After providing my AirWatch server and Group ID, I'm prompted for credentials.

After entering the AD credentials, there's a prompt to install the MDM profile on the device.

Now you should be able to see the device in the Workspace One UEM console.

At this point, the integration of the Workspace One UEM tenant with the local Active Directory environment is complete.  Next, we can integrate vIDM, as detailed in the next post, Integrating A Cloud Instance Of VMware Identity Manager With Active Directory.
