Users in the VMware Identity Manager service can be users that are synced from your enterprise directory, local users that you provision in the admin console, or users created with just-in-time provisioning.
Groups in the VMware Identity Manager service can be groups that are synced from your enterprise directory and local groups that you create in the admin console.
Users and groups imported from your enterprise directory are updated in the VMware Identity Manager directory according to your server synchronization schedule. You can view the user and group accounts from the User & Groups pages. You cannot edit or delete these users and groups.
You can create local users and groups. Local users are added to a local directory. You manage the local user attribute mapping and password policies. You can create local groups to manage resource entitlements for users.
Users created with just-in-time provisioning are created and updated dynamically when the user logs in, based on SAML assertions sent by the identity provider. All user management is handled through SAML assertions. To use just-in-time provision, see Just-in-Time User Provisioning.