From the Identity and Access Management tab in the administration console, you can set up and manage the authentication methods, access policies, and directory service, and customize the end-user portal and administration console branding.

The following is a description of the setup settings in the Identity and Access Management tab.

Table 1. Identity and Access Management Set up Settings

Setting

Description

Setup > Connectors

The Connectors page lists the connectors that are deployed inside your enterprise network. The connector is used to sync user and group data between your enterprise directory and the service. When the connector is used as the identity provider, it authenticates users to the service.

When you associate a directory with a connector instance, the connector creates a partition for the associated directory called a worker. A connector instance can have multiple workers associated with it. Each worker acts as an identity provider. You define and configure authentication methods per worker.

The connector syncs user and group data between your enterprise directory and the service through one or more workers.

Before you can add a new connector, click Add Connector to generate an activation code. You paste this activation code in the Setup wizard to establish communication with the connector.

Setup > Custom Branding

In the Custom Branding page, you can customize the appearance of the administration console header and sign-in screen. See Customize Branding in VMware Identity Manager Service.

To customize the end user Web portal, mobile and tablet views, go to Catalog > Settings > User Portal Branding. See Customize Branding for the User Portal.

Setup > User Attributes

The User Attributes page lists the default user attributes that sync in the directory. You can add other attributes that you can map to Active Directory attributes. See the Directory Integration with VMware Identity Manager guide.

Setup > Network Ranges

This page lists the network ranges that you added. You configure a network range to allow users access through those IP addresses. You can add additional network ranges and you can edit existing ranges. See Add or Edit a Network Range.

Setup > Auto Discovery

When VMware Identity Manager and AirWatch are integrated, you can integrate the Windows Auto-Discovery service that you deployed in your AirWatch configuration with the VMware Identity Manager service. For more details about setting up auto discovery in AirWatch in on-premises deployments, see the VMware AirWatch Windows Autodiscovery Service Installation Guide, available from the AirWatch Web site, http://air-watch.com.

Register your email domain to use the auto-discovery service to make it easier for users to access their apps portal using Workspace ONE. End users can enter their email addresses instead of the organization's URL when they access their apps portal through Workspace ONE.

See the Guide to Deploying VMware Workspace ONE for more information about auto discovery.

Setup > AirWatch

On this page, you can set up integration with AirWatch. After integration is set up and saved, you can enable the unified catalog to merge applications set up in the AirWatch catalog to the unified catalog, enable compliance check to verify that managed devices adhere to AirWatch compliance policies, and enable user password authentication through the AirWatch Cloud Connector (ACC). See the Guide to Deploying VMware Workspace ONE.

Setup > Preferences

The Preferences page displays features that the admin can enable. This includes the following preferences.

  • Show the System Domain on Login Page can be enabled.

  • Persistent cookies can be enabled from this page. See Enable Persistent Cookie.

  • Enable Hide Domain Drop-Down Menu, when you do not want to require users to select their domain before they log in.

  • Enable the unique identifier option to display the identifier-based login pages. See Managing the User Login Experience.

Terms of Use

On this page, you can set up Workspace ONE terms of use and ensure that end users accept these terms of use before using the Workspace ONE portal.

The following is a description of the settings used to manage the services in the Identity and Access Management tab.

Table 2. Identity and Access Management Manage Settings

Setting

Description

Manage > Directories

The Directories page lists directories that you created. You create one or more directories and then sync those directories with your enterprise directory deployment. On this page, you can see the number of groups and users that are synced to the directory and the last sync time. You can click Sync Now to start the directory sync.

See the Directory Integration with VMware Identity Manager guide.

When you click a directory name, you can edit the sync settings, navigate to the Identity Providers page, and view the sync log.

From the directories sync settings page, you can schedule the sync frequency, see the list of domains associated with this directory, change the mapped attributes list, update the user and groups list that syncs, and set the safeguard targets.

Manage > Identity Providers

The Identity Providers page lists the identity providers that you configured. The connector is the initial identity provider. You can add third-party identity provider instances or have a combination of both. The VMware Identity Manager Built-in identity provider can be configured for authentication.

See Add and Configure an Identity Provider Instance.

Manage > Password Recovery Assistant

On the Password Recovery Assistant page, you can change the default behavior when "Forgot password" is clicked on the sign-in screen by the end user.

Authentication Methods

The Authentication Methods page is used to configure authentication methods that can be associated with built-in identity providers. After you configure the authentication methods on this page, you associate the authentication method in the built-in identity provider page.

Manage > Policies

The Policies page lists the default access policy and any other Web application access policies you created. Policies are a set of rules that specify criteria that must be met for users to access their My Apps portal or to launch Web applications that are enabled for them. You can edit the default policy and, if Web applications are added to the catalog, you can add new policies to manage access to these Web applications. See Managing Access Policies.