VMware Cloud services users with a federated domain use their corporate credentials to log in to the Cloud Services Console across Organizations.
Setting up enterprise federation for your corporate domain is a self-service process that involves multiple steps, users, and roles.
As an Organization Owner user, you kick off the self-service federation workflow on behalf of your Organization and invite an Enterprise Administrator to complete the setup. The Enterprise Administrator must determine the type of federation setup that is most suitable for your enterprise. Any SAML 2.0 based Identity Provider (IdP) is supported with VMware Cloud Services enterprise federation.
The following table explains the differences between the two setup options.
|Federation setup||Authentication method||User and group provisioning|
|Dynamic (connectorless) authentication setup||SAML 2.0 Identity Provider||SAML JIT user and group dynamic provisioning|
|Connector-based authentication setup||SAML 2.0 Identity Provider OR Workspace ONE Access connector authentication methods||Pre-provisioning: syncing users and groups from the customer's Active Directory|
Dynamic (connectorless) authentication setup
When enterprise federation for your enterprise domain is set up to use your third-party identity provider, users accessing VMware Cloud services from the federated domain are redirected to the log in screen of the identity provider for your enterprise. Users authenticate directly with your identity provider through SAML JIT dynamic provisioning.
Connector-based authentication setup
In this federation setup, an on-premises instance of Workspace ONE Access connector syncs users and groups from your Active Directory to a dedicated instance of a Workspace ONE Access tenant. Only synced groups and users can log in to VMware Cloud services with their corporate credentials. User authentication can be set up to use either a SAML 2.0 based IdP or the Workspace ONE Access connector authentication methods.
After setup completes successfully, enterprise federation becomes available to all users from your corporate domain and applies to all services across all Organizations.