VMware Identity Manager Cloud Release Notes


VMware Identity Manager Connector 2017.9.1 | 21 September 2017 | Build 6651504

VMware Identity Manager Desktop 3.0 | 21 September 2017 | Build 6585499

VMware Identity Manager Integration Broker 3.0 | 21 September 2017 | Build6556344

Release date: September 28, 2017

What's in the Release Notes

The release notes cover the following topics:

What's New for VMware Workspace ONE

  • Improved End-User Experience on Sign-in Screens.The sign-in screens have been improved with additional animations, improved displays on mobile devices, and improved error messages.
  • App Reordering. Users can now rearrange bookmarked applications on their Workspace ONE app portal Bookmarks page. Users start with an alphabetized app view but can move app tiles around to create a custom, personalized view. The new user curated view is saved for future sessions.

    Note: Application reordering capability is available only from the desktop browser view. The reordered apps display on mobile devices but users cannot rearrange them from a mobile device.

  • Enhanced In-App search. Search applications by description in addition to name and category.
  • Support Horizon View HTML Access on Android Devices. Users can now launch Horizon View apps in a browser on Android devices from the Workspace ONE app. Available for Android 7 and later.
  • Refresh Token Timeout. Now users do not have to re-login to the Workspace ONE application every few days if they are regularly using the app. This is enabled through a configuration called “Idle Token Time-to-Live (TTL)” that can be set on the OAuth client for the Workspace ONE application. (ON by default). This feature is not limited to the Workspace ONE app and can be used by any other OAuth client of VMware Identity Manager.

See the What's New in the VMware Workspace ONE App blog.

What's New for VMware Identity Manager

  • Support for Multiple Office 365 Tenants from VMware Identity Manager Catalog. VMware Identity Manager now supports multiple Office 365 tenants. Organizations that have multiple tenants from acquisitions or line of business adoption of Office 365 can manage those tenants using one VMware Identity Manager instance, simplifying Office 365 adoption and management.
  • Support for Multiple Apps from the VMware Identity Manager Catalog. VMware Identity Manager now supports adding apps from the Catalog multiple times. Admins can add multiple copies using the templates in the Global Catalog. This simplifies the adoption of multiple instances of web applications such as Salesforce that might be used by different lines of business or for different purposes within the organization.
  • Support for Forced Authentication in SAML. VMware Identity Manager allows applications to request that a user must log in again, even if the user already has a valid session with VMware Identity Manager. This feature allows applications and admins to force users to log in again before performing sensitive actions, such as accessing important data or signing forms that require a high level of authentication assurance. Specifically, VMware Identity Manager now supports the ForceAuthn attribute in SAML and the prompt=login parameter in OpenID Connect.
  • Encrypted SAML Assertions. VMware Identity Manager allows organizations to choose whether to encrypt the SAML assertions sent by the service. Encryption decreases the risk of user data being discovered through a compromised SAML assertion and increases security.
  • Application Sources. If your applications are already federated using an access management system such as ADFS, PingFederate, and Okta, the Application Sources feature can be used to easily bring these applications into the Workspace ONE catalog. You define the external access management system as an application source type, and then add multiple apps of this type to the catalog. The application source definition contains the SAML contract details between VMware Identity Manager and these external access management systems.


VMware Identity Manager 3.0 is available in the following languages.

  • English
  • French
  • German
  • Spanish
  • Japanese
  •  Simplified Chinese
  • Korean
  • Taiwan
  • Russian
  • Italian
  • Portuguese (Brazil)
  • Dutch

Compatibility and Upgrade

Component Compatibility

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and Horizon 7.

Browser Compatibility for the VMware Identity Manager Administration Console

The following Web browsers can be used to view the administration console:

  • Mozilla Firefox 40 or later for Windows and Mac systems
  • Google Chrome 42.0 or later for Windows and Mac systems
  • Internet Explorer 11 for Windows systems
  • Safari 6.2.8 or later for Mac systems

Upgrading to VMware Identity Manager Connector

To upgrade to the latest connector, see Upgrading to VMware Identity Manager Connector. During the upgrade, all services are stopped, so plan the upgrade with the expected downtime in mind.

Before you upgrade from the 2016.11.1 connector to the latest connector, see the KB article 2149179 Upgrading from VMware Identity Manager Connector 2016.11.1

Note:  If you integrate Citrix published resources with VMware Identity Manager, upgrade to Integration Broker 3.0. The VMware Identity Manager Connector 2017.8.1 is not compatible with older versions of the Integration Broker.


The VMware Identity Manager documentation is in the VMware Workspace ONE doc center.

Known Issues

  • When creating Workspace identity provider, the IDP name that is configured is not saved. 

    When a new Workspace identity provider is configured and given a unique name, the IDP is saved with the name Workspace _IDP2, not the unique name that was configured.

    Edit the identity provider configuration and change the IdP name. Save the changes. The IdP is updated with the new name.

  • In the Workspace ONE apps portal, when users request a ThinApp package, request link does not change to Pending

    In the Workspace ONE apps portal, when users request a ThinApp package, request link does not change to Pending.

    Users must log in to their portal again. Then the Pending state displays for the ThinApp package.

  • When upgrading to the latest Identity Manager Desktop Client, the shortcut of Identity Manager Desktop is not removed.

    When a newer version of the Identity Manager Desktop Client is installed, a shortcut link is added to the All Programs view, but the older version, called Identity Manager Desktop is not removed.

    Users can delete the Identity Manager Desktop shortcut from the desktop.

  • Icon is Missing When Exporting an application from the Catalog

    When an application is exported from the VMware Identity Manager Catalog, the zip file does not contain the icon for the app.

    Go to the application's Details page in the Catalog and upload the icon.

  • Directory Sync Does Not Remove All Expected Groups From the Service.

    When running a directory sync to remove a large number of groups, for example more than 50% of the groups, the sync stops before all groups are removed.

    Start the directory sync again.

  • Unable to launch an application from the browser.

    Users might see the following error while launching applications directly from a browser, "Unable to process your request. Close this screen and try again."

    Launch the app directly from the Workspace ONE portal.