Directory Services

At the User Context > Directory Services node of the Workspace Control Console you can configure Directory Services. The Directory Services used in your organization are the basis for your Workspace Control environment. Workspace Control delivers applications and resources based on the user, OU and group information that it retrieves from the Directory Services listed.

A Directory Service is used to store information about resources (such as printers), services (such as e-mail) and users in a network. The Directory Service provides information on these objects, organizes them, and provides authentication and validation. A well-planned and well-maintained Directory Service reflects the hierarchical and functional structure of an organization and is a powerful tool in the delivery of applications and resources to users.

Workspace Control can retrieve information from:

  • Microsoft Active Directory (also called AD)

  • Microsoft Azure Active Directory (also called Azure AD)

  • The local computer

The Primary Domain of the Agent will be configured by default. However, you can use multiple Directory Services concurrently. This makes it possible to use Workspace Control for specific parts of your IT environment. This can be particularly useful in very mixed environments, in environments where different administrators manage different sections, or if you wish to introduce Workspace Control gradually rather than all at once.

When using Azure AD, Workspace Control manages Azure AD Joined devices.

Azure Active Directory limitations

The following limitations apply when configuring Azure AD for Workspace Control:

  • Simultaneously configuring both on-premise AD and Azure AD services in the Workspace Control Console is not supported.

  • Combining Azure AD groups or users with on-premise AD groups or users on Workspace Control configurable objects is not supported.

  • Azure AD Hybrid Joined devices are not supported when configuring Azure AD. Such devices need to retrieve their configuration based on Access Control with AD groups or users.

To use both on-premise AD and Azure AD services at the same time, create separate Datastores for each type of Active Directory service. License requests for dividing the active licenses between the separate Datastores are managed by the Ivanti license desk.