Authenticators are created when you configure SAML authentication between VMware Identity Manager and a connection server. The only management task is to enable or disable True SSO for the authenticator.

For readability, the options shown in the following table do not represent the complete command you would enter. Only the options specific to the particular task are included. For example, one row shows the --list --authenticator options, but the vdmUtil command you would actually enter also contains options for authentication and for specifying that you are configuring True SSO:

vdmUtil --authAs admin-role-user --authDomain netbios-name --authPassword admin-user-password --truesso --list --authenticator

For more information about the authentication options, see Command-line Reference for Configuring True SSO.

Table 1. vdmutil truesso Command Options for Managing Authenticators

Command and Options


--list --authenticator [--verbose]

Lists the fully qualified domain names (FQDNs) of all SAML authenticators found in the domain. For each one, specifies whether True SSO is enabled. If you use the --verbose option, the FQDNs of the associated connection servers are also listed.

--list --authenticator --name label

For the specified authenticator, lists whether True SSO is enabled, and lists the FQDNs of the associated connection servers. For label use one of the names listed when you use the --authenticator option without the --name option.

--edit --authenticator --name label --truessoMode mode-value

For the specified authenticator, sets the True SSO mode to the value you specify, where mode-value can be one of the following values:

  • ENABLED. True SSO is used only when the Active Directory credentials of the user is not available.

  • ALWAYS. True SSO is always used even if vIDM has the AD credentials of the user.

  • DISABLED. True SSO is disabled.

For label use one of the names listed when you use the --authenticator option without the --name option.