{"id":146,"date":"2019-02-27T12:10:40","date_gmt":"2019-02-27T12:10:40","guid":{"rendered":"http:\/\/172.23.1.43\/?p=146"},"modified":"2022-06-07T22:26:14","modified_gmt":"2022-06-07T22:26:14","slug":"how-to-configure-workspace-one-uem-and-ms-ds-consistencyguid","status":"publish","type":"post","link":"https:\/\/blog.n-dol.org\/2019\/02\/27\/how-to-configure-workspace-one-uem-and-ms-ds-consistencyguid\/","title":{"rendered":"How to configure Workspace ONE UEM and mS-DS-ConsistencyGuid"},"content":{"rendered":"\n<p>When it comes to Azure AD integration within Workspace ONE UEM. The configuration is quite straight forward, however when we work on complex environment with a lot of different Active Directory, it can become complex as the source Anchor is going to change most of the time from objectGUID to mS-DS-ConsistencyGuid, which is also the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/hybrid\/plan-connect-design-concepts#using-ms-ds-consistencyguid-as-sourceanchor\">best practice from Microsoft<\/a>. If you are in this case, most likely the mS-DS-ConsistencyGuid won&#8217;t equal the objectGUID that why it is important to configure it properly.<\/p>\n\n\n\n<p>To check the immutable ID\/Source Anchor in Azure AD, check this post :\u00a0<a href=\"http:\/\/172.23.1.43\/2019\/02\/27\/how-to-check-the-immutable-id-source-anchor\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">How to check the Immutable ID\/Source Anchor<\/a><\/p>\n\n\n\n<!--more-->\n\n\n\n<h1 class=\"wp-block-heading\">Configure Azure AD Integration in Workspace ONE UEM<\/h1>\n\n\n\n<p>The configuration of the Azure integration have to be done at the same level as the Active Directory configuration.<\/p>\n\n\n\n<p>1 &#8211; Open<strong> Workspace ONE UEM<\/strong> console, go to&nbsp;<strong>Groups &amp; Settings<\/strong> then&nbsp;<strong>All Settings<\/strong><\/p>\n\n\n\n<p>2 &#8211; Navigate to <strong>System &gt; Enterprise Integration &gt; Directory Services<\/strong><\/p>\n\n\n\n<p>3 &#8211; Put&nbsp;<strong>Use Azure AD For Identity Services<\/strong> to <strong>Enabled<\/strong><\/p>\n\n\n\n<p>4 &#8211; Enter the <strong>Directory ID<\/strong> and <strong>Tenant Name<\/strong>. These informations are available in the Azure portal.<\/p>\n\n\n\n<p>5 &#8211; In <strong>Immutable ID Mapping Attribute<\/strong> field put <strong>mS-DS-ConsistencyGuid<\/strong>, (<span style=\"text-decoration: underline;\">case sensitive<\/span>)<\/p>\n\n\n\n<p>6 &#8211; Make sure that <strong>Mapping Attribute Data Type<\/strong> is at <strong>Binary<\/strong><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"http:\/\/172.23.1.43\/wp-content\/uploads\/2019\/02\/workspace-one-uem-immutableid-configuration.jpg\" alt=\"Workspace-ONE-UEM-ImmutableID-Configuration\" class=\"wp-image-222\" width=\"553\" height=\"108\" srcset=\"https:\/\/blog.n-dol.org\/wp-content\/uploads\/2019\/02\/workspace-one-uem-immutableid-configuration.jpg 553w, https:\/\/blog.n-dol.org\/wp-content\/uploads\/2019\/02\/workspace-one-uem-immutableid-configuration-300x59.jpg 300w\" sizes=\"(max-width: 553px) 100vw, 553px\" \/><\/figure><\/div>\n\n\n\n<p>7 &#8211; Optional, this will force a sync now instead of waiting for the next Directory Sync, go to&nbsp;<strong>User<\/strong> tab, click on&nbsp;<strong>Advanced<\/strong><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"http:\/\/172.23.1.43\/wp-content\/uploads\/2019\/02\/workspace-one-uem-immutableid-usertab-advanced-1.jpg\" alt=\"Workspace-ONE-UEM-ImmutableID-UserTab-Advanced\" class=\"wp-image-229\" width=\"490\" height=\"509\" srcset=\"https:\/\/blog.n-dol.org\/wp-content\/uploads\/2019\/02\/workspace-one-uem-immutableid-usertab-advanced-1.jpg 490w, https:\/\/blog.n-dol.org\/wp-content\/uploads\/2019\/02\/workspace-one-uem-immutableid-usertab-advanced-1-289x300.jpg 289w\" sizes=\"(max-width: 490px) 100vw, 490px\" \/><\/figure><\/div>\n\n\n\n<p>8 &#8211; Scroll all the way down then click&nbsp;<strong>Sync Attributes<\/strong><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"820\" height=\"246\" src=\"http:\/\/172.23.1.43\/wp-content\/uploads\/2019\/02\/workspace-one-uem-immutableid-usertab-syncattributes.jpg\" alt=\"Workspace-ONE-UEM-ImmutableID-UserTab-SyncAttributes\" class=\"wp-image-228\" srcset=\"https:\/\/blog.n-dol.org\/wp-content\/uploads\/2019\/02\/workspace-one-uem-immutableid-usertab-syncattributes.jpg 820w, https:\/\/blog.n-dol.org\/wp-content\/uploads\/2019\/02\/workspace-one-uem-immutableid-usertab-syncattributes-300x90.jpg 300w, https:\/\/blog.n-dol.org\/wp-content\/uploads\/2019\/02\/workspace-one-uem-immutableid-usertab-syncattributes-768x230.jpg 768w\" sizes=\"(max-width: 820px) 100vw, 820px\" \/><\/figure><\/div>\n\n\n\n<p>You won&#8217;t see the Immutable ID attribute within the console, it&#8217;s in the database, there is no access to it. If you really want to make sure, you can use the custom attributes to display it but as the attribute is in Binary, it will display weird characters.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When it comes to Azure AD integration within Workspace ONE UEM. The configuration is quite straight forward, however when we&hellip;<\/p>\n","protected":false},"author":5614970,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2157457,38600,672890795],"tags":[22299055,121169617,651069476],"_links":{"self":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts\/146"}],"collection":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/users\/5614970"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/comments?post=146"}],"version-history":[{"count":11,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts\/146\/revisions"}],"predecessor-version":[{"id":850,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts\/146\/revisions\/850"}],"wp:attachment":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/media?parent=146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/categories?post=146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/tags?post=146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}