To use your VMware Identity Manager tenant without an AirWatch deployment, you install the VMware Identity Manager connector virtual appliance on premises in outbound-only connection mode. In this model, user and group sync from your enterprise directory and user authentication are handled by the VMware Identity Manager connector. Note that some authentication methods do not require the connector and are managed directly by the service.
The connector can also sync resources, such as Horizon 7 desktops and applications, to the VMware Identity Manager service.
The connector is installed in outbound-only connection mode and does not require inbound port 443 to be opened. The connector communicates with the VMware Identity Manager service through a Websocket-based communication channel.
For the list of ports used, see System and Network Configuration Requirements.
Supported Authentication Methods
This deployment model supports all authentication methods. Some of these authentication methods do not require the connector and are managed directly by the service through the Built-in identity provider.
Password - uses the connector
RSA Adaptive Authentication - uses the connector
RSA SecurID - uses the connector
RADIUS - uses the connector
Certificate (cloud deployment) - through the Built-in identity provider
VMware Verify - through the Built-in identity provider
Mobile SSO (iOS) - through the Built-in identity provider
Mobile SSO (Android) - through the Built-in identity provider
Inbound SAML through a third-party identity provider
For information on using Kerberos, see Adding Kerberos Authentication Support to Your Deployment.
Supported Directory Integrations
You can integrate the following types of enterprise directories with VMware Identity Manager.
Active Directory over LDAP
Active Directory, Integrated Windows Authentication
If you plan to integrate an LDAP directory, see Limitations of LDAP Directory Integration first.
Alternatively, you can use Just-in-Time provisioning to create users in the VMware Identity Manager service dynamically at login, using SAML assertions sent by a third-party identity provider.
You can integrate the following types of resources with VMware Identity Manager.
VMware Horizon 7, Horizon 6, or View desktop and application pools
VMware Horizon Cloud Service applications and desktops
ThinApp packaged applications
The rest of this document contains information about installing and configuring the VMware Identity Manager connector. The information applies only to the deployment model that uses the VMware Identity Manager Connector in outbound-only connection mode.
See also "Configuring User Authentication in VMware Identity Manager" in the VMware Identity Manager Administration Guide.