To use your VMware Identity Manager tenant without an AirWatch deployment, you install the VMware Identity Manager connector virtual appliance on premises in outbound-only connection mode. In this model, user and group sync from your enterprise directory and user authentication are handled by the VMware Identity Manager connector. Note that some authentication methods do not require the connector and are managed directly by the service.

The connector can also sync resources, such as Horizon 7 desktops and applications, to the VMware Identity Manager service.

Figure 1. Using VMware Identity Manager Connector


VMware Identity Manager Outbound Connector diagram


Port Requirements

The connector is installed in outbound-only connection mode and does not require inbound port 443 to be opened. The connector communicates with the VMware Identity Manager service through a Websocket-based communication channel.

For the list of ports used, see System and Network Configuration Requirements.

Supported Authentication Methods

This deployment model supports all authentication methods. Some of these authentication methods do not require the connector and are managed directly by the service through the Built-in identity provider.

  • Password - uses the connector

  • RSA Adaptive Authentication - uses the connector

  • RSA SecurID - uses the connector

  • RADIUS - uses the connector

  • Certificate (cloud deployment) - through the Built-in identity provider

  • VMware Verify - through the Built-in identity provider

  • Mobile SSO (iOS) - through the Built-in identity provider

  • Mobile SSO (Android) - through the Built-in identity provider

  • Inbound SAML through a third-party identity provider

Note:

For information on using Kerberos, see Adding Kerberos Authentication Support to Your Deployment.

Supported Directory Integrations

You can integrate the following types of enterprise directories with VMware Identity Manager.

Alternatively, you can use Just-in-Time provisioning to create users in the VMware Identity Manager service dynamically at login, using SAML assertions sent by a third-party identity provider.

Supported Resources

You can integrate the following types of resources with VMware Identity Manager.

  • Web applications

  • VMware Horizon 7, Horizon 6, or View desktop and application pools

  • Citrix-published resources

  • VMware Horizon Cloud Service applications and desktops

  • ThinApp packaged applications

Additional Information

  • The rest of this document contains information about installing and configuring the VMware Identity Manager connector. The information applies only to the deployment model that uses the VMware Identity Manager Connector in outbound-only connection mode.

  • See also "Configuring User Authentication in VMware Identity Manager" in the VMware Identity Manager Administration Guide.