VMware Digital Workspace - (4) Configuring Email Auto-Discovery for Enrollment in Workspace ONE UEM

 Before you can manage devices with Workspace ONE UEM, the devices have to be enrolled.

You can make it really easy for end users to do that if Email Auto-Discovery is configured.

Then users just enter their email address and they won’t have to enter an environment

URL or group ID.

 

In the Workspace ONE UEM console, from the Workspace ONE Getting Started page, scroll

down to Auto-Discovery and click CONFIGURE.

Or you can go to , GROUPS AND SETTINGS > DEVICES & USERS > GENERAL > ENROLLMENT.

In the Authentication Tab, click on Add Email Domain.

For domain, enter the fully qualified domain name.

For email, enter the address of the user account that you will use for the confirmation email.

The email address must use the same domain name.

Now, the server checks for email domain uniqueness.

That means that this domain can be registered to only one organization group in Workspace

ONE UEM.

Anybody whose email address includes this domain will be enrolled in the same org group.

Click CONTINUE.

The configuration is not complete yet.

A confirmation email will be sent to the email address we entered.

Open the email.

You will find an email about Workspace ONE UEM Email Registration,  click the confirmation link.

And success!

Now  go back to the Workspace ONE UEM console, to the Getting Started page, scroll down to

the Auto-Discovery row and click CONFIGURE again.

In the Active Domains text box, select the domain and click CONTINUE.

All right, there is now a check mark under Auto-Discovery and the item is complete.

If you ever want to look at this setting or change it, go to GROUPS & SETTINGS > All Settings

> Devices & Users > General > Enrollment, and then scroll down to the Domain list.

 

VMware Digital Workspace - (3) Adding and Syncing Active Directory User Groups in Workspace ONE Access

 

After you install and configure the Workspace ONE Access Connector, Workspace ONE Access
can integrate with your directory service. You can then synchronize user groups between the two systems.
Workspace ONE Access recently had some changes made to the UI.

In the old navigation, you would go to Identity & Access Management > Manage > Directories,
and then Add Directory.

In the new navigation, you click Components > Directories, and then Add Directory > Active
Directory.

 
For this blog, we call the directory javafeelers.lab, and select Active Directory over Integrated Windows Authentication.

• The sync host stuff is already filled out by default.

• For the Bind details, we’ll use the user name and password for binding to the directory server but make sure to also specify the fully qualified domain name.

• Click Save & Configure.

• Click Next.

• On the Map User Attributes page, scroll down to see what all the attributes are, and click Next.

Note : One important thing to consider here is  that, make sure you are making the right attributes as required. For any AD user/ a group of AD users, that does not have that required attribute configured in AD will not sync in Workspace ONE Access. Also keep in mind that you can only mark attributes required before any directory is created in the Workspace ONE Access service. After a directory is created, you can no longer change an attribute to be a required attribute.

• We have to specify the top-level group, Click the plus sign, and the top-level group is OU=*your OU* and DC= *domain name* and DC=*com*.

• Click Select Groups. The user group name is returned.

• Select the check box for that, and click Save.

• Click Next.

• To specify the user DNs, click the plus sign, and put the user DN over there. It will sync all users found in that group.
  

• Click Test.

• Click Next.

• For frequency, Change it as per your requirement.

• And then click Sync Directory.