Setting up enterprise federation for your corporate domain is a self-service process that involves multiple steps, users, and roles.
Here's who and what's involved in federating your corporate domain with VMware Cloud services.
- Organization Owner
  - Organization Owner users of unfederated domains can kick off the federation setup from the Cloud Services Console. Any Organization Owner can initiate the self-service federation process and assign one or more Enterprise Administrators to complete the setup.
- Enterprise Administrator
  - The Enterprise Administrator is a system administrator who belongs to the central security team for your enterprise and manages the directory services and identity providers. As the designated person to set up enterprise federation for your corporate domain, the Enterprise Administrator completes the configuration and validation steps of the self-service setup process. Setting up enterprise federation might involve representatives of different security teams. The designated Enterprise Administrator can invite other administrators to help with the setup.
- The Enterprise Federation dashboard
  - When an Organization Owner initiates the self-service federation workflow for their corporate domain by inviting one or more Enterprise Administrators, a special Management Organization is created. This Organization provides access to the Enterprise Federation dashboard. The purpose of the dashboard is to set up enterprise federation for the corporate domain and to modify the initial setup. Everyone involved in the self-service federation process receives an email notification with a link to access the Enterprise Federation dashboard in the Management Organization.
- Linking corporate accounts to VMware accounts
  - VMware requires users of VMware Cloud services who work with VMware for the purposes of billing and support to create a VMware account through VMware Customer Connect and then link their corporate account with their VMware account.
- VMware Workspace ONE Access tenant
  - Setting up federated identity management requires the customer to configure and manage a VMware Workspace ONE Access tenant. The tenant is created as part of the self-service federation process. The Workspace ONE Access tenant acts as an identity broker (service provider) to your identity provider and is not involved in the actual user authentication.
- The self-service federation setup workflow
  - The self-service federation setup involves multiple steps that can be performed at various times by different Enterprise Administrators. The workflow resumes from where it was last left off. Enterprise Administrator users involved in the setup must have VMware Cloud services accounts linked to their VMware accounts. All steps in the federation setup are completed through the Set up Enterprise Federation workflow in the special Management Organization.