To provide identity and access management services to the cross-instance SDDC components, you create a global environment in vRealize Suite Lifecycle Manager in which you deploy a 3-node clustered Workspace ONE Access instance.


  1. In a web browser, log in to the vRealize Suite Lifecycle Manager user interface (https://<vrslcm_fqdn>) as the vcfadmin@local user.
  2. On the My Services page, click Lifecycle Operations.
  3. On the Dashboard page, click Create environment.
  4. On the Create environment page, configure the settings and click Next.



    - Install Identity Manager
    - Default password
    - Select the cross-instance datacenter.
    - JSON configuration
    - Join the VMware customer experience improvement program


  5. On the Select product page, select the check box for VMware Identity Manager, configure these values, and click Next.



    - Installation type: New install
    - Select a version. vRealize Suite Lifecycle Manager will only display supported versions.
    - Deployment type


  6. On the Accept license agreements page, scroll to the bottom and accept the license agreement, and then click Next.
  7. On the Certificate page, from the Select certificate drop-down menu, select the Clustered Workspace One Certificate, and click Next.
  8. On the Infrastructure page, verify and accept the default settings, and click Next.
  9. On the Network page, verify and accept the default settings, and click Next.
  10. On the Products page, configure the deployment properties of clustered Workspace ONE Access and click Next.
    1. In the Product properties section, configure the settings.




      Workspace One Access

      - Node size: Medium (vRealize Automation recommended size)
      - Admin password: Select the xint-wsa-admin
      - Default configuration admin email: Enter a default email.
      - Default configuration admin user name
      - Default configuration admin password: Select the xint-wsa-configadmin
      - Sync group members


    2. In the Cluster VIP FQDN section, configure the settings.




      - Enter the FQDN of the NSX-T Data Center load balancer virtual server for the clustered Workspace ONE Access instance.
      - Locker certificate: Clustered Workspace ONE Access Certificate
      - Database IP address: Enter the IP address for the embedded Postgres database.
        Note: The IP address must be a valid IP address for the cross-instance NSX segment.
    3. In the Components section, configure the three cluster nodes.

      |  | Value for vidm-primary | Value for vidm-secondary-1 | Value for vidm-secondary-2 |
      | --- | --- | --- | --- |
      | VM Name | Enter a VM Name for vidm-primary. | Enter a VM Name for vidm-secondary-1. | Enter a VM Name for vidm-secondary-2. |
      |  | Enter the FQDN for vidm-primary. | Enter the FQDN for vidm-secondary-1. | Enter the FQDN for vidm-secondary-2. |
      | IP address | Enter the IP Address for vidm-primary. | Enter the IP Address for vidm-secondary-1. | Enter the IP Address for vidm-secondary-2. |

    4. For each node, click advanced configuration and click Select Root Password.
      Select xint-wsa-root and click Save.
  11. On the Precheck page, click Run precheck.
  12. On the Manual validations page, select the I took care of the manual steps above and am ready to proceed check box and click Run precheck.
  13. Review the validation report, remediate any errors, and click Re-run precheck.
  14. Wait for all prechecks to complete with Passed messages and click Next.
  15. On the Summary page, review the configuration details. To back up the deployment configuration, click Export configuration.
  16. To start the deployment, click Submit.

    The Request details page displays the progress of deployment.

  17. Monitor the steps of the deployment graph until all stages become Completed.
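
The addresses and names entered in step 10 can be checked offline before running the prechecks in steps 11 to 14. The following Python code is an added example, not part of the original procedure or of any VMware tooling; the plan dictionary layout, the segment CIDR and all sample names and addresses are constructed. It assumes that the node addresses sit on the same cross-instance segment as the database IP address and that every address is used only once.

```python
import ipaddress

ROLES = ("vidm-primary", "vidm-secondary-1", "vidm-secondary-2")

# Constructed sample plan: documentation-range addresses and example.com names.
SAMPLE_PLAN = {
    "segment_cidr": "192.0.2.0/24",
    "vip_fqdn": "wsa.example.com",
    "database_ip": "192.0.2.60",
    "nodes": {
        "vidm-primary": {"vm_name": "wsa01a", "fqdn": "wsa01a.example.com", "ip": "192.0.2.61"},
        "vidm-secondary-1": {"vm_name": "wsa01b", "fqdn": "wsa01b.example.com", "ip": "192.0.2.62"},
        "vidm-secondary-2": {"vm_name": "wsa01c", "fqdn": "wsa01c.example.com", "ip": "192.0.2.63"},
    },
}

def check_plan(plan):
    """Return a list of problems in the planned values (empty list = clean)."""
    problems = []
    segment = ipaddress.ip_network(plan["segment_cidr"])
    nodes = plan["nodes"]
    missing = [role for role in ROLES if role not in nodes]
    if missing:
        problems.append("missing nodes: " + ", ".join(missing))

    # Assumption: each address is a host address on the segment, used only once.
    addresses = {"database": plan["database_ip"]}
    addresses.update({role: node["ip"] for role, node in nodes.items()})
    seen = {}
    for owner, raw in addresses.items():
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            problems.append(f"{owner}: {raw!r} is not an IP address")
            continue
        if ip not in segment or ip in (segment.network_address, segment.broadcast_address):
            problems.append(f"{owner}: {ip} is not a host address in {segment}")
        if ip in seen:
            problems.append(f"{owner}: {ip} is already used by {seen[ip]}")
        seen.setdefault(ip, owner)

    # VM names and FQDNs must be unique; the VIP FQDN must not be a node FQDN.
    for field in ("vm_name", "fqdn"):
        values = [node[field].lower() for node in nodes.values()]
        if len(set(values)) != len(values):
            problems.append(f"duplicate {field} among nodes")
    if plan["vip_fqdn"].lower() in {node["fqdn"].lower() for node in nodes.values()}:
        problems.append("cluster VIP FQDN is also a node FQDN")
    return problems
```

Calling `check_plan(SAMPLE_PLAN)` returns an empty list when the plan is consistent; each string in a non-empty result names the field to correct before submitting the request.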