After you upgrade to VMware Identity Manager 3.0, configure these settings.

  • If you integrate Citrix published resources with VMware Identity Manager, upgrade to Integration Broker 3.0. VMware Identity Manager 3.0 and VMware Identity Manager Connector 2017.8.1.0 (the connector version in the 3.0 release) are not compatible with older versions of the Integration Broker.

    Table 1. Supported Versions

    VMware Identity Manager or Connector Version

    Integration Broker Version Supported

    VMware Identity Manager 3.0


    VMware Identity Manager Connector 2017.8.1.0 (Connector version in the VMware Identity Manager 3.0 release)


    VMware Identity Manager 2.9.1 or earlier

    2.9.1 or earlier

    VMware Identity Manager Connector 2.9.1 or earlier

    2.9.1 or earlier

  • If you integrate Horizon desktops and applications in VMware Identity Manager and you have deployed a VMware Identity Manager cluster, you must configure Horizon integration again.

    • In the primary connector, where you saved and synced Horizon resources, remove all the Horizon pods, add them again, and click Save and Sync.

    • In the other connectors, where you saved the Horizon resources configuration, remove all the Horizon pods, add them again, and click Save.

Changes in Earlier Releases

  • Bulk sync changes in VMware Identity Manager 2.9.1 and later

    In earlier versions, bulk sync was processed with 4 threads per CPU through a global configuration parameter in the database named bulkSyncThreadLimitPerCPU=4.

    Beginning with version 2.9.1, the number of threads for bulk sync processing is not based on CPU. It is an absolute number, which is the same as the number of CPUs on a node by default.

    If you sync large numbers of users and groups and you notice that sync is slow after upgrade, you can specify the number of threads by setting the global configuration parameter called bulkSyncSharedThreadCount.

    Set the thread value in the database using the following REST API, then restart the nodes for the change to take effect.

    HTTP Request:

    Operation: PUT
    URI: bulkSyncSharedThreadCount

    HTTP Headers:

    Content-Type: application/vnd.vmware.horizon.manager.systemconfigparameter+json
    Accept: application/vnd.vmware.horizon.manager.systemconfigparameter+json
    Authorization: HZN <operator token>

    Request Body (with 8 threads as an example):

        "name": "bulkSyncSharedThreadCount",
        "values": {
            "values": [

  • Enable the new portal user interface.

    1. In the administration console, click the arrow on the Catalog tab and select Settings.

    2. Select New End User Portal UI in the left pane and click Enable New Portal UI.

  • If you have set up a VMware Identity Manager cluster for failover with two nodes, updating it to three nodes is recommended. This is because of a limitation of Elasticsearch, a search and analytics engine embedded in the VMware Identity Manager appliance. You may continue to use two nodes but you should be aware of a few limitations related to Elasticsearch. See "Configuring Failure and Redundancy" in Installing and Configuring VMware Identity Manager for more information.

  • Transport Layer Security (TLS) protocol 1.0 is disabled by default in VMware Identity Manager. TLS 1.1 and 1.2 are supported.

    External product issues are known to occur when TLS 1.0 is disabled. Updating your other product configurations to use TLS 1.1 or 1.2 is recommended. However, if these products have a dependence on TLS 1.0, you can enable TLS 1.0 in VMware Identity Manager by following the instructions in Knowledge Base article 2144805.