I'm wondering the best practice for AD sync with a WS1 UEM and WS1 Access environment. See attached image.
I understand that the AirWatch Cloud Connector (ACC) connects to AD and syncs to WS1 UEM. Once in UEM, these users can then be synced TO WS1 Access. There are some use cases that this method does not support (Horizon, etc)
I also understand that the WS1 Access Connector can be used to sync AD directly with WS1 Access. This method supports all use cases and removes the dependency on WS1.
I'd like to avoid over complicating things but unsure about what is best practice and why. Thank you!
Based on my understanding and knowledge, it is recommended to have both Workspace one Access connector and Airwatch Cloud Connector deployed.
You can provisioning users from WS1 access to Worksapce One UEM with the application called AirWatch provisioning. This is usually used when have a JIT directory in WS1 access.
Thank you for the reply and link. For some reason your link escaped my searching.
For those coming across this later, here's an additional link regarding AirWatch Provisioning: https://docs.vmware.com/en/VMware-Workspace-ONE-Access/services/ws1access-awprovisiongapp/GUID-11206...
From the above link: You use the AirWatch Provisioning app with the Workspace ONE UEM service when an LDAP server cannot be used with the VMware AirWatch Cloud Connector to synchronize users.
So to me this sounds like the ACC should be used if possible as a first resort, and then if not possible use the AirWatch Provisioning app.
From my additional research I have also concluded that running both the ACC and the WS1 Access Connector simultaneously seems to be the preferred route (for reasons I do not know). Perhaps it is to remove the WS1 dependency for syncing users into WS1 Access, or something else similar.