To configure the VMware Identity Manager service to provide Kerberos authentication for desktops, you must join to the domain and enable Kerberos authentication on the VMware Identity Manager connector.
- In the administration console Identity & Access Management tab, select Setup.
- In the Worker column for the connector click Auth Adapters.
- Click KerberosIdpAdapter
You are redirected to the identity manager sign in page.
- Click Edit in the KerberosldpAdapter row and configure the Kerberos authentication page.
A name is required. The default name is KerberosIdpAdapter. You can change this.
Directory UID Attribute
Enter the account attribute that contains the user name
Enable Windows Authentication
Select this to extend authentication interactions between users' browsers and VMware Identity Manager.
Select this to enable NT LAN Manager (NTLM) protocol-based authentication only if your Active Directory infrastructure relies on NTLM authentication.
Select this if round-robin DNS and load balancers do not have Kerberos support. Authentication requests are redirected to Redirect Host Name. If this is selected, enter the redirect host name in Redirect Host Name text box. This is usually the hostname of the service.
- Click Save.
What to do next
Add the authentication method to the default access policy. Go to the Identity & Access Management > Manage > Policies page and edit the default policy rules to add the Kerberos authentication method to the rule in correct authentication order.