VMware Identity Manager supports adding multiple tenants of a service provider to a VMware Identity Manager instance. If you have multiple tenants of an app such as Office 365 that may be used by different lines of business in your organization, you can add all the tenants to a single instance of VMware Identity Manager. This enables you to manage SSO and access to all the tenants from one location.

About this task

To add multiple tenants, you add multiple copies of the app to the VMware Identity Manager catalog and then modify the configuration of each. Map each copy of the app to a different tenant of the service provider. Each tenant can have one or more domains. You also need to entitle users to the appropriate copy of the app.

When users log into Workspace ONE and click the app to which they are entitled, the correct app is launched. When users log into the service provider directly, the service provider redirects to VMware Identity Manager for authentication and VMware Identity Manager authenticates the user and launches the correct app based on user entitlements.

Procedure

  1. In the Catalog tab, click Add Application > ... from the cloud application catalog.
  2. Click the app you want to add.
  3. In the app page, edit the application details and click Save.
  4. To add a second copy of the app, do one of the following:
    • Add the app again from the cloud application catalog.

      1. Click the app in the cloud application catalog.

      2. In the app page, edit application details such as the name so the app can be easily identified.

      3. Click Save.

    • Make a copy of the app you added.

      1. In the Catalog tab, click the app.

      2. In the application details page, click Copy.

      3. Edit application details such as the name so the app can be easily identified.

      4. Click Save.

  5. Configure each copy of the app.
    • Map each copy of the app to a different service provider tenant.

    • Ensure that users are unique across all service provider domains and tenants.

      Note:

      If the users are not unique, ensure that the service provider POST URLs, that is, the Assertion Consumer Service URLs that you provide in the VMware Identity Manager administration console, are unique across tenants.

  6. Configure user entitlements for each copy of the app. Entitle users to the appropriate tenant.
    1. In the Catalog tab, click the copy of the app that corresponds to the tenant.
    2. In the application page, click Entitlements in the left pane.
    3. Add user and group entitlements.