In the VMware Identity Manager service, users are identified uniquely by both their name and domain. This allows you to have multiple users with the same name in different Active Directory domains. User names must be unique within a domain.

Before you set up the directory in VMware Identity Manager, you specify which default user attributes are required and add any additional attributes that you want to map to Active Directory attributes. The attributes and filters you select in Active Directory to map to these attributes determine which Active Directory users sync to the VMware Identity Manager directory. See the Directory Integration with VMware Identity Manager publication for more information about integrating Active Directory with VMware Identity Manager.

The VMware Identity Manager service supports having multiple users with the same name in different Active Directory domains. User names must be unique within a domain. For example, you can have a user jane in domain eng.example.com and another user jane in domain sales.example.com.

Users are identified uniquely by both their user name and domain. The userName attribute in VMware Identity Manager is used for user names and is typically mapped to the sAMAccountName attribute in Active Directory. The domain attribute is used for domains and is typically mapped to the canonicalName attribute in Active Directory.

During directory sync, users that have the same user name but different domains are synced successfully. If there is a user name conflict within a domain, the first user is synced and an error occurs for subsequent users with the same user name.

Tip:

If you have an existing VMware Identity Manager directory in which the user domain is incorrect or missing, check the domain settings and sync the directory again. See Sync Directory to Correct Domain Information.
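The sync rule and the missing-domain case described above can be checked against a directory export before syncing. The following Python sketch is an added example, not VMware code: it classifies records as synced, conflicting, or missing a domain. It assumes the domain is the part of canonicalName before the first "/" and that user names are compared case-insensitively; the function names and sample records are constructed for illustration.

```python
# Constructed sample export of (sAMAccountName, canonicalName) pairs; not real data.
SAMPLE_EXPORT = [
    ("jane", "eng.example.com/Users/Jane Doe"),
    ("jane", "sales.example.com/Users/Jane Roe"),
    ("JANE", "sales.example.com/Contractors/Jane Poe"),
    ("bob", ""),
    ("alice", "eng.example.com/Users/Alice Lee"),
]


def domain_from_canonical_name(canonical_name):
    """Return the DNS domain (text before the first '/'), or None if absent."""
    domain = canonical_name.split("/", 1)[0].strip().lower()
    return domain or None


def audit_export(records):
    """Classify records as the sync rule described above would treat them.

    Returns (synced, conflicts, missing_domain). Assumption: user names are
    compared case-insensitively. The first record for a (user name, domain)
    pair is kept; later records with the same pair are reported as conflicts
    together with the canonicalName of the record that was kept.
    """
    seen = {}  # (lowercased user name, domain) -> canonicalName of first record
    synced, conflicts, missing_domain = [], [], []
    for user_name, canonical_name in records:
        domain = domain_from_canonical_name(canonical_name)
        if domain is None:
            missing_domain.append(user_name)  # domain must be corrected before sync
            continue
        key = (user_name.lower(), domain)
        if key in seen:
            conflicts.append((user_name, domain, seen[key]))
        else:
            seen[key] = canonical_name
            synced.append((user_name, domain))
    return synced, conflicts, missing_domain


if __name__ == "__main__":
    synced, conflicts, missing = audit_export(SAMPLE_EXPORT)
    print("would sync:", synced)
    print("user name conflicts within a domain:", conflicts)
    print("records with no domain:", missing)
```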

In the admin console, you can identify users uniquely by both their user name and domain. For example:

  • In the Dashboard tab, in the Users and Groups column, users are listed as user (domain). For example, jane (sales.example.com).

  • In the Users & Groups tab, Users page, the DOMAIN column indicates the domain to which the user belongs.

  • Reports that display user information, such as the Resource Entitlements report, include a DOMAIN column.

When end users log in to the user portal, on the login page they select the domain to which they belong. If multiple users have the same user name, each can log in successfully using the appropriate domain.

Note:

This information applies to users synced from Active Directory. If you use a third-party identity provider and have configured Just-in-Time user provisioning, see Just-in-Time User Provisioning for information. Just-in-Time user provisioning also supports multiple users with the same user name in different domains.