Setting up enterprise federation for your corporate domain is a self-service process that involves multiple steps, users, and roles.

Here's who and what's involved in federating your corporate domain with VMware Cloud services.

Organization owner

Organization owners of unfederated domains can kick off the federation setup from the Cloud Services Console. Any organization owner can initiate the self-service federation process and assign one or more Enterprise Administrators to complete the setup.

Organization owners who hold system administrator roles with their enterprise and have sufficient knowledge of the enterprise directory service and identity provider configuration, can act as enterprise administrators for the federation setup.

Enterprise Administrator

The Enterprise Administrator is a system administrator who belongs to the central security team for your enterprise and manages the directory services and identity providers. As the designated person to set up enterprise federation for your corporate domain, the Enterprise Administrator completes the configuration and validation steps of the self-service setup process. Setting up enterprise federation might involve representatives of different security teams. The designated Enterprise Administrator can invite other administrators to help with the setup.

The Enterprise Federation Organization

When an organization owner initiates the self-service federation workflow for their corporate domain by inviting one or more enterprise administrators, a special federation organization becomes available for the set-up. Everyone involved in the self-service federation process receives an email notification with a link to access the special federation organization. The purpose of this organization is to set up enterprise federation for the corporate domain and to modify the initial setup.

Linking corporate accounts to VMware IDs

Existing users of VMware Cloud services whose accounts are federated must link their corporate accounts to their VMware ID accounts in order to access the services in their organization. New users onboarding to VMware Cloud services after federation set up for their domains was enabled don't need to create a VMware ID.

VMware Workspace ONE Access tenant

Setting up federated identity management requires the customer to configure and manage a VMware Workspace ONE Access tenant. The tenant is created as part of the self-service federation process. The VMware Workspace ONE Access tenant acts as an identity broker (service provider) to your identity provider and is not involved in the actual user authentication.

The self-service federation setup workflow

The self-service federation setup involves multiple steps that can be performed at various times by different Enterprise Administrators. The workflow resumes from the place it was left last. Enterprise administrators involved in the setup must have VMware Cloud services accounts with a VMwareID. All steps in the federation setup are completed through the Set up Enterprise Federation workflow in the special federation organization.