As an Organization Owner user in an Identity and Access Governance (IGA) activated Organization, you can assign default Organization and service roles to users in your Organization by setting up a policy.

The default roles granted through that policy apply to all users logging in the Organization from a specified federated domain and cannot be edited at the user level. To change the default role entitlements, you must modify the policy.
Important: There is a known issue that as an Organization Owner, you cannot view the users in your Organization who have been granted default roles based on the policy and who have no other roles in the Organization. These users will not display on the Active Users list in Cloud Services Console unless they request additional roles and the requests are approved. Once users with default roles obtain additional roles in the Organization, they appear on the Active Users list and as an Organization Owner, you can grant them additional roles.


  • Your corporate identity provider is linked to VMware Cloud Services.
  • Advanced IGA features are activated in the Organization.
  • You have an Organization Owner role in the Organization.


  1. Log in to the Cloud Services Console with your corporate account.
  2. Navigate to Identity and Access Management > Governance > Requests.
  3. Click Settings.
  4. In the Grant Default Roles section of the page, click the Add Domain Policy link.
  5. Enter a name and description for the new policy.
  6. Select the domain to which you want to apply the policy.
  7. Select the Organization and service roles that you want to automatically assign to all users logging into your Organization from the specified domain.
  8. Click Save.


The roles you specified become available to all users from the specified domain upon their login to VMware Cloud Services.