Modern Workplace and Management with the efficiency of pure Cloud – Part 8 (Integration of Microsoft Azure in Workspace ONE)

Integration of Microsoft Azure AD as Directory Services in Workspace ONE UEM

In case you want to integrate a Directory Service in Workspace ONE UEM for instance Microsoft Azure AD you can do this as follows.

  • Log into Workspace ONE UEM
  • Groups & Settings
  • All Settings
  • System
  • Enterprise Integration
  • Directory Services
  • Scroll down to Azure AD Integration
  • Click Enabled
  • Directory ID: Put in your Azure AD Directory ID
    • Log into your Azure AD tenant
    • Click Azure Active Directory
    • Properties
    • Copy Tenant ID
  • Go back to the Workspace ONE UEM console
  • Paste the Tenant ID in Directory ID
  • Use Azure AD For Identity Services click Enabled
    • New options will be available
    • Check the URLs for MDM discovery and MDM Terms of Use
      • That have to include your Workspace ONE UEM tenant Name
    • Tenant Name
      • you find it in Azure AD – Azure Active Directory
      • Overview tab
      • Primary domain
    • Immutable ID Mapping Attribute type in objectGUID
      • objectGUID is default but depending on the design of the Azure AD concept it could be a different sourceAnchor attribute. The next most commonly used is mS-DS-ConsistencyGuid (caution: case sensitive and have to be written exactly as descriped). For all details check the Microsoft Azure AD connect concepts
  • Mapping Attribute Data Type = Binary
  • Save

Workspace ONE Access – Azure AD Mapping attribute

To add an additional attribute to the user accounts which will then be synchronized to Workspace ONE UEM from Workspace ONE Access we will add that attribute in Workspace ONE Access for the AirWatch provisioning application in the user provisioning options.

  • Log into Workspace ONE Access
  • Catalog
  • AirWatch provisioning application
  • Edit
  • User provisioning on the left
  • Add Mapping
  • Choose AAD Mapping Attribute as Name
  • Choose ${user.ExternalId} as Value

Now we will check if the attribute will be synchronized to Workspace ONE UEM with the user.

  • Log into Workspace ONE UEM
  • Accounts
  • List View
  • Choose a user by click on the name
  • Click Edit on the top right corner
  • That will bring up additional information
  • Check that the Azure Active Directory Mapping Attribute is the same as the ExternalID in the user account in Workspace ONE Access
    • You must match the sourceAnchor attribute being sent to Azure AD with the Immutable ID Mapping Attribute in the Workspace ONE UEM Console

Switch to your Workspace ONE Access.

Make sure your externalID from Okta is in the user profile from Workspace ONE Access as externalID. In Okta check if the Profile mapping is correct.

The attributes have to be mapped correctly through the whole implementation.

106 Total Views 2 Views Today
twitterlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *