VMware Carbon Black Cloud on AWS GovCloud (US) requires that you configure an identity source to manage your users, and federate this identity source with a VMware Workspace ONE Access instance to allow your users to authenticate to your Organization.
You can use the following options for authentication.
- An on-premises Microsoft Active Directory Federation Services (AD FS) server. If you choose this option, you will deploy and maintain an AD FS server in your on-premises data center, and use Direct Connect or a VPN to connect it to your SDDC. Start by deploying an AD FS server as described in https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/ad-fs-deployment. Then configure VMware Workspace ONE Access as described in Federating Your Identity Source with Workspace ONE Access.
- AWS Directory Service. If you choose this option, you will deploy AWS Directory Service in your AWS GovCloud account, and deploy a Windows VM in your SDDC to manage the Directory Service.