You integrate supported SDDC components with the Workspace ONE Access cluster to enable authentication through the identity and access management services.

After the integration, you can configure information security and access control for the integrated SDDC products.

Table 1. Workspace ONE Access SDDC Integration

| SDDC Component | Integration | Considerations |
|---|---|---|
| vCenter Server | Not Supported | For directory services you must connect vCenter Server directly to Active Directory. See Identity and Access Management for VMware Cloud Foundation. |
| SDDC Manager | Not Supported | SDDC Manager uses vCenter Single Sign-On. For directory services, you must connect vCenter Server directly to Active Directory. |
| NSX-T Data Center | Supported | If you intend to scale out to an environment with multiple VMware Cloud Foundation instances, for example, for disaster recovery, you must deploy an additional standard instance of Workspace ONE Access in each VMware Cloud Foundation instance. The Workspace ONE Access instance that is leveraged by components protected across VMware Cloud Foundation instances might fail over between physical locations, which will impact the authentication to NSX-T Data Center in the first VMware Cloud Foundation instance. See Identity and Access Management for VMware Cloud Foundation. |
| vRealize Suite Lifecycle Manager | Supported | None. |

See VMware Cloud Foundation Validated Solutions for the design for specific vRealize Suite components including identity management.

Table 2. Design Decisions on Integrations for Workspace ONE Access

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| VCF-VRS-WSA-SEC-001 | Configure the Workspace ONE Access instance as the authentication provider for each supported SDDC component. | Enables authentication through Workspace ONE Access identity and access management services for vRealize Suite solutions that require mobility across VMware Cloud Foundation instances. Required for vRealize Automation authentication. | Workspace ONE Access must be online and operational before you can authenticate to vRealize Automation. |