Workspace ONE - Creating Smart Groups Using Campus Active Directory Security and Manifest Groups

This document will go over the process of syncing Campus AD security, and Manifest groups into WS1. It’ll then go over how to create smart groups in WS1 using the newly imported groups.

The use of Campus AD security and Manifest groups in WS1 allows campus WS1 admins to leverage their existing groups for content assignment rather than recreating these groups.

If you have your AD security groups ready to go and are NOT using Manifest groups, skip to the section “Importing your AD security group to WS1” below.

If you are using Manifest groups, begin with the instructions “Nesting your Manifest group in a recognizable security group in AD” before proceeding with “Importing your AD security group to WS1”.

Nesting your Manifest group in a recognizable security group in AD

Before proceeding make sure your Manifest groups are published to Active Directory Services.

  1. Navigate to https://manifest.services.wisc.edu/Groups
  2. Click on the Details button for the Manifest group you want to use in WS1.
  3. Record the UUID from the web page URL (e.g. https://manifest.services.wisc.edu/Group/Index/280abc5d36544efghi8j4k5lmn296770).
    1. This will be the name (CN) of the manifest group published to Active Directory Services.
  4. Navigate to your Campus AD OU and create a new security group in the location of your choice.
  5. Open up the newly created security group and make your manifested group a member of this new security group adding it by its UUID.

Importing your AD security group to WS1

  1. In the Workspace ONE UEM console navigate to Accounts > User Groups > List View.
  2. Click Add > Add User Group.
  3. Select Directory for the Type and Group for the External Type.
  4. In the Search Text field type in the name of your AD security group and click Search when done.
    1. If you did NOT get a search result:
      1. Make sure you enter your AD security group name correctly.
      2. Make sure the AD security group exists in your AD.
      3. Make sure your WS1 OG is connected to your AD of choice: Overriding Campus AD Integration in Workspace ONE
    1. In the Group Name box click your AD security group name once to select it.
      1. If there is only one search result for your AD security group it’ll be selected by default.

        Screenshot of Workspace ONE Add User Group menu

    2. Click Save.
    3. Refresh Accounts > User Groups > List View and your newly imported AD security group should now show up in the User Groups list.
    4. If your group is sourced from Campus AD, please contact service administrators to notify them of the new group so the default permissions can be changed. Without additional action, the group and members will be visible to other campus units. Permission changes are not required when a departmental directory service is used in place of Campus AD
    5. Repeats steps 1-8 for any additional AD security group(s) you want to import into WS1.

    Creating smart groups and assigning your AD security group to it

    1. In the Workspace ONE UEM console navigate to Groups & Settings > Groups > Assignment Groups.
    2. Click Add Smart Group.
    3. Give the new smart group a name of your choice.
    4. Under Organization Group make sure nothing is checked and click the Organization Group menu to minimize it.
    5. Click User Group.
    6. Click the radio button Selected and uncheck any AD security group in the list that you do not want to be a part of the new smart group you’re about to create.
      1. Only the AD security group(s) you want should be checked.

        Screenshot of Workspace ONE Smart Group creation menu

    7. Click Save.

    Deleting imported AD security groups in WS1

    AD security groups are imported and maintained in WS1 at the top-level organizational group if campus WS1 admins have not overridden the Directory Services integration at their OG to use their AD services. Because of this campus admins cannot remove these types of groups once it’s been imported. Contact us for support to get imported AD security groups deleted.

    Campus admins using their own AD service at their OG will be able to delete any imported AD security groups in WS1. To do so:

    1. In the Workspace ONE UEM console navigate to Accounts > User Groups > List View.
    2. Locate your imported AD security group and check the box to the left of its name.
    3. Click More Actions > Delete




    Keywords:Workspace ONE, WS1, Active Directory, Manifest groups   Doc ID:117705
    Owner:Jon D.Group:Endpoint Management
    Created:2022-03-31 12:56 CSTUpdated:2022-11-18 15:44 CST
    Sites:DoIT Help Desk, Endpoint Management
    Feedback:  0   1