VMware Cloud services users with a federated domain use their corporate credentials to log in to the Cloud Services Console across organizations. Setting up enterprise federation for your corporate domain is a self-service process that involves multiple steps, users, and roles. After setup completes successfully, enterprise federation becomes available to all users from your corporate domain and applies to all services across all organizations.
When enterprise federation is set up for an enterprise domain, the users' login experience with VMware Cloud services changes. When a user from the federated domain accesses a service and identifies as a user in the Cloud Services Console, they are redirected to the login screen of the identity provider for their enterprise.
An on-premises instance of the Workspace ONE Access connector syncs the customer-defined groups and users from the customer's Active Directory to a dedicated instance of a Workspace ONE Access service tenant created for the customer. The tenant acts as an identity broker to the customer's identity provider. The connector uses an outbound secure connection to the tenant. Users authenticate directly with the customer's identity provider. Only synced groups and users can log in to VMware Cloud services with their corporate credentials.
What's involved in setting up self-service federation?
When an organization owner initiates the self-service federation workflow for their corporate domain by inviting one or more Enterprise Administrators, a special federation organization becomes available for the setup. Everyone involved in the self-service federation process receives an email notification with a link to access the special federation organization. The purpose of this organization is to set up enterprise federation for the corporate domain and to modify the initial setup.
The self-service federation workflow cannot be completed in one go. It involves multiple steps that are available as a workflow in the special federation organization.