As an Enterprise Administrator for your federated domains, you modify the initial federation setup through the Enterprise Federation dashboard.

Organization Owner users who hold system administrator roles with their enterprise and have sufficient knowledge of the enterprise directory service can also modify the federation setup.

To access the Enterprise Federation dashboard, you must log in to the Management Organizaiton in VMware Cloud Services with your federated account.
Note: When logging in to the Enterprise Federation dashboard, use a regular browser mode. Some of the features may not work properly in incognito mode.
The Enterprise Federation dashboard provides an overview of the current federation setup for your enterprise: the enterprise directories configured for users and groups sync, the number of synced users and groups, the identity provider and corporate domains configured for federation, and the user identification method. As an Enterprise Administrator, you can make the following changes to the federation configuration setup:
  • Add more domains or sub-domains.
  • Sync more groups and users.
  • Make changes to your directory settings, such as change sync frequency.
  • Modify the display name of the identity provider.
  • Grant other Enterprise Administrators access to the Enterprise Federation dashboard in the Management Organization.
  • Activate member Organizations for Identity Governance and Administration.
Caution: All users with the Enterprise Administrator role can make changes to the federation configuration. These changes are domain wide and impact all users or groups across any VMware Cloud services Organization with users from federated domains. For example, if an Enterprise Administrator removes a group that was previously synced, any Organization using the group is impacted.

Can I make changes to the identity provider configuration?

Once your federation setup is activated, you are no longer able to make changes to the identity provider configuration. You cannot change your identity provider to a different one or modify the authentication method configured for your identity provider. The Enterprise Federation dashboard only lets you change the display name of your already configured identity provider.

To make changes to the identity provider settings in your enterprise federation setup, you must file a support ticket. For more information, see Get Support.