Built-in identity providers can be configured with authentication methods that do not require the use of an on-premises connector. One built-in identity provider is available in the admin console Identity & Access Management > Identity Providers page. You can create additional built-in identity providers.
You configure the authentication methods from the Identity & Access Management Manage > Auth Methods page. When you configure the built-in identity provider, you associate the authentication methods to use in the built-in identity provider.
You can also configure the built-in identity providers to use authentication methods configured on a connector deployed in outbound-only connection mode. An outbound-only connector does not require the inbound firewall port 443 to be opened. The connector establishes an outbound-only connection (using websockets) with the cloud service, and receives authentication requests over this channel. See VMware Identity Manager Cloud Deployment guide, Deployment Models for more information about deploying an outbound-only connector.
After you associate the authentication methods in the built-in identity providers, you create access policies to apply to these authentication methods.