Workspace ONE - Creating Smart Groups Using Campus Active Directory Security and Manifest Groups

Directory-based groups such as Campus Active Directory security groups and Manifest groups can synced to Workspace ONE, allowing units to leverage existing groups for content assignment rather than recreating these groups in Workspace ONE. This document describes the process of syncing Campus AD security and Manifest group membership into Workspace ONE, as well as the creation of smart groups in WS1 using your newly synced directory-based groups.

If you have your AD security groups ready to go and are NOT using Manifest groups, skip to the section “Importing your AD security group to WS1” below.
If you are using Manifest groups, begin with the instructions “Nesting your Manifest group in a recognizable security group in AD” before proceeding with “Importing your AD security group to WS1”.

Nesting your Manifest group in a recognizable security group in AD

Before proceeding make sure your Manifest groups are published to Active Directory Services.

  1. Navigate to https://manifest.services.wisc.edu/Groups
  2. Click on the Details button for the Manifest group you want to use in WS1.
  3. Record the UUID from the web page URL (e.g. https://manifest.services.wisc.edu/Group/Index/280abc5d36544efghi8j4k5lmn296770).
    1. This will be the name (CN) of the manifest group published to Active Directory Services.
  4. Navigate to your Campus AD OU and create a new security group in the location of your choice.
  5. Open up the newly created security group and make your manifested group a member of this new security group adding it by its UUID.

Importing your AD security group to WS1

  1. In the Workspace ONE UEM console navigate to Accounts > User Groups > List View.
  2. Click Add > Add User Group.
  3. Select Directory for the Type and Group for the External Type.
  4. In the Search Text field type in the name of your AD security group and click Search when done.
    1. If you did NOT get a search result:
      1. Make sure you enter your AD security group name correctly.
      2. Make sure the AD security group exists in your AD.
      3. Make sure your WS1 OG is connected to your AD of choice: Overriding Campus AD Integration in Workspace ONE
    1. In the Group Name box click your AD security group name once to select it.
      1. If there is only one search result for your AD security group it’ll be selected by default.

        Screenshot of Workspace ONE Add User Group menu

    2. Click Save.
    3. Refresh Accounts > User Groups > List View and your newly imported AD security group should now show up in the User Groups list.
    4. If your group is sourced from Campus AD, please contact service administrators to notify them of the new group so the default permissions can be changed. Without additional action, the group and members will be visible to other campus units. Permission changes are not required when a departmental directory service is used in place of Campus AD
    5. Repeats steps 1-8 for any additional AD security group(s) you want to import into WS1.

    Creating smart groups and assigning your AD security group to it

    1. In the Workspace ONE UEM console navigate to Groups & Settings > Groups > Assignment Groups.
    2. Click Add Smart Group.
    3. Give the new smart group a name of your choice.
    4. Under Organization Group make sure nothing is checked and click the Organization Group menu to minimize it.
    5. Click User Group.
    6. Click the radio button Selected and uncheck any AD security group in the list that you do not want to be a part of the new smart group you’re about to create.
      1. Only the AD security group(s) you want should be checked.

        Screenshot of Workspace ONE Smart Group creation menu

    7. Click Save.

    Deleting imported AD security groups in WS1

    AD security groups are imported and maintained in WS1 at the top-level organizational group if campus WS1 admins have not overridden the Directory Services integration at their OG to use their AD services. Campus admins cannot remove these types of groups once they've been imported. If you would like to have a synced Campus AD security group removed, Contact us for support.

    Campus admins that overridden the inherited Campus AD integration to configure a departmental directory service at their OG will be able to delete security groups synced from their directory service. To do so:

    1. In the Workspace ONE UEM console navigate to Accounts > User Groups > List View.
    2. Locate your imported AD security group and check the box to the left of its name.
    3. Click More Actions > Delete


    KeywordsWorkspace ONE, WS1, Active Directory, Manifest groups   Doc ID117705
    OwnerJon D.GroupEndpoint Management
    Created2022-03-31 12:56:03Updated2024-04-03 16:25:22
    SitesDoIT Help Desk, Endpoint Management
    Feedback  1   1