Re: Connecting with Azure AD

shabsn · ‎10-30-2018

Hello, is there a way to connect our airwatch to azure ad? We want to add new users only in AAD and want them to be deployed automatically to airwatch. Is this possible? I already did the ' step by step connecting to azure ad' tutorial from vmware, but I am not sure if this works, because in the toturial they want me to add the new user also manually in airwatch. Thanks, Daniel

pmeuser · ‎01-24-2019

Daniel, you should consider to use Azure AD Domain Services to do the trick.

shabsn · ‎01-24-2019

What do you mean?

pmeuser · ‎01-24-2019

Daniel, please have a look how Azure AD Domain Services works. It provides a LDAP interface to AAD user and group objects, that can be consumed by ACC.

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/

Hopefully VMware will connect to AAD natively, soon to be welcomed to the age of modern cloud services ...

shabsn · ‎01-27-2019

I tried this one here:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/airwatch-tutorial

but after hours of testing and researching, I just couldnt get it working....

evidesmedt · ‎01-29-2019

Hello i have worspace one uem trial. i also tried to set up azure ad with airwatch with the doc from microsoft: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/airwatch-tutorial but the connection doesn't seem to work. i did the same with mobileiron and this work from first time. workspace doesn't seem to work. i followed the guide. but it's my first time with workspace and i'm probably doing something wrong, or forgot something don't know. anyhelp would be appreciated. because i did manage to set up ldap connection and that seemd to work, i was able to add users from local ad.

RohitBorekar · ‎02-04-2019

Assuming you have ' Use Azure AD For Identity Services' enable under Enterprise integration - Directory services?

GautamSabarwal · ‎02-07-2019

I've got Azure AD working with Airwatch. A lot of functionality is not there. To import a user into airwatch, you need to enrol them into a device (can't use staging account). User has to have an Azure AD P1 license as well. Apple DEP is also not supported. So if you have Apple DEP devices, you can't really use Azure AD.

pmeuser · ‎02-07-2019

Gautam, please have a look at Azure AD Domain Services and its LDAP support to integrate with AirWatch. This will overcome all of your limitations. VMware should spent some time to document this simple approach.

Indeed as better solution, AirWatch should provide a direct way to sync user IDs with Azure AD without any additional service, for example in supporting SCIM. But maybe they just want to leave some advantages to Intune ...

GautamSabarwal · ‎02-07-2019

Peter, thats what I did in the end. Getting Azure AD to work on its own was a challenge. Having tried both intune and airwatch, although intune does integrate better, its not great as an MDM. Another thing I am considering is using intune as MAM and airwatch as MDM, as intune manages Office365 a lot better.

gnavas · ‎04-30-2019

Gautam, please,could you kindly provide us the exact steps how you got that Azure AD worked with Airwatch. In my case, the device is not enrolling so I can add any user.

Done it. But we cannot enroll Android Devices with Azure AD users. Is that correct?

EMMJunkie · ‎07-18-2019

We have configured LDAPS from within Azure Active Directory Domain services and integrated this with Workspace ONE UEM. At present we are able to sync users back to the Workspace ONE UEM console but unable to sync users within groups back to the Workspace ONE console. Has anyone come across this, experienced the same issue?

gnavas · ‎07-19-2019

Sean, can you enroll Android devices with this integration or just only Windows 10 devices instead of?. I did a service request to VMWARE and answer us that eht only way to do that is configure LDAPS with SAML authentication. When we checked (and worked) With the AD DS we added users but not users groups.

EMMJunkie · ‎07-19-2019

Gemma, thank you for your response. We have not yet tested enrollment but would assume any device type should be able to be enrolled (not using a device enrollment program but agent based), would need to test enrollment with device types that have enrollment programs (SBM, Android Enterprise, Samsung Knox, Autopilot).

We are able to sync users and groups from Azure AD but if we sync a group with a user in it, the user is not synced within the group. Have logged a support ticket with VMware and will update this thread when I have further information.

All

Connecting with Azure AD

Enterprise Integration