Using the User Migration Feature

Customers with Basic Users intending to switch over to LDAP users may now employ the User Migration feature in the AirWatch Admin Console. The User Migration tool provides an easy way to check existing Basic Users against current directory users and consolidate information throughout. Additionally, customers using Auth Proxy and/or old/legacy SAML who want to start utilizing User Groups may employ the User Migration feature to update their users.

Potential Impact

If you are using the Apple Volume Purchase Program (VPP) for application distribution, please keep in mind that the migration tool will not automatically update the VPP user information.  Any VPP apps that have been assigned to the device/user prior to the migration will be removed and will have to be reassigned. 

Setting up your LDAP

  1. Configure your Directory Services. 
    Note: For more information on integrating Directory Services with AirWatch, please refer to the AirWatch Directory Services Guide in the Resources Portal.
  2. Add Directory Services Users to which you will be mapping.

Once your LDAP is configured, the AirWatch Admin Console automatically maps all existing Basic Users to LDAP Users with matching usernames. 

Migrating Matched Users

  1. Navigate to Accounts ► Users ►  User Migration.
  2. By default the page shows all Pending users (newly imported). Pending users also include Directory users without registered devices, who have a matched Active Basic User. The Migration Status options include:
    • Pending – Directory Users for which AirWatch found a match (an LDAP User with a username that matches a Basic User with one or more enrolled devices).
    • Migrated – Users which have been successfully migrated.
    • Not Matched – Directory Users for which AirWatch did not find a match (an LDAP User without a matching Basic User).
    • All – All users with any status.
  3. Review one page of Pending users at a time and select users you want to migrate.
  4. Click Migrate.
    Note: You may migrate up to 20 users at a time.
  5. Review the Assign screen. The matched Basic User is already selected, but you may also add additional users to the list.
  6. Click Save to transfer device and user settings from Basic to LDAP and deactivate the basic account for each user.
  7. Change the Migration Status to Migrated to confirm all selected users were successfully migrated.
    Note: If any Basic Users did not have devices enrolled, then the Matched LDAP User will change status to Not Matched.
  8. Repeat steps 3 through 7 until all users are migrated and/or consolidated.

Migrating Not Matched Users

At this point, most — if not all — of your LDAP users have successfully matched with Basic Users, but there are times when Users will not match, including:

  • A Basic User's username does not have a matching LDAP username.
  • A Basic User is Inactive and has no device associated.

To migrate Not Matched users:

  1. Change the Migration Status to Not Matched.
  2. Review and select Users you want to migrate.
  3. Click Migrate.
    Note: You may migrate up to 20 users at a time.
  4. Review the Assign screen. For each user, click the LDAP User drop down menu and manually search for the User you want to match with.
  5. Click Save to match and migrate the Users.
  6. Change the Migration Status to Migrated to confirm all selected users were successfully migrated.
  7. Repeat steps 1 though 6 until all users are migrated and/or consolidated.
Have more questions? Submit a request


Article is closed for comments.