From the Identity and Access Management tab in the administration console, you can set up and manage the authentication methods, access policies, and directory service, and customize the look and feel of the end-user portal and administration console.

The following is a description of the setup settings in the Identity and Access Management tab.

Figure 1. Identity and Access Management Setup Pages
Table 1. Identity and Access Management Setup Settings



Setup > Connectors

The Connectors page lists the connectors that are deployed inside your enterprise network. The connector syncs user and group data between your enterprise directory and the service and, when it is used as the identity provider, authenticates users to the service.

When you associate a directory with a connector instance, the connector creates a partition for the associated directory called a worker. A connector instance can have multiple workers associated with it. Each worker acts as an identity provider. You define and configure authentication methods per worker.

The connector syncs user and group data between your enterprise directory and the service through one or more workers.

Before you can add a new connector, click Add Connector to generate an activation code. You paste this code in the Setup wizard to establish communication with the connector.

Join Domain link

  • You click Join Domain to join the connector to a specific Active Directory domain. For example, when you configure Kerberos authentication, you must join the Active Directory domain that either contains the users or has a trust relationship with the domains that contain the users.

  • When you configure a directory with an Integrated Windows Authentication Active Directory, the connector joins the domain according to the configuration details.

Setup > Custom Branding

In the Custom Branding page, you can customize the appearance of the administration console header and sign-in screen. See Customize Branding in VMware Identity Manager.

To customize the end user Web portal, mobile and tablet views, go to Catalog > Settings > User Portal Branding. See Customize Branding for the User Portal.

Setup > User Attributes

The User Attributes page lists the default user attributes that sync in the directory. You can add other attributes that you can map to Active Directory attributes. See Select Attributes to Sync with Directory.

Setup > Network Ranges

This page lists the network ranges that you added. You configure a network range to allow users access through those IP addresses. You can add network ranges and edit existing ranges. See Add or Edit a Network Range.

Setup > Auto Discovery

When VMware Identity Manager and AirWatch are integrated, you can integrate the Windows Auto-Discovery service that you deployed in your AirWatch configuration with the VMware Identity Manager service. For more details about setting up auto discovery in AirWatch, see the AirWatch documentation VMware AirWatch Windows Autodiscovery Service Installation Guide, available from the AirWatch Web site.

Register your email domain to use the auto-discovery service to make it easier for users to access their apps portal using Workspace ONE. End users can enter their email addresses instead of the organization's URL when they access their apps portal through Workspace ONE.

See the Setting up the VMware Workspace ONE App on Devices guide for more information about auto discovery.

Setup > AirWatch

On this page, you can set up integration with AirWatch. After integration is set up and saved, you can enable the unified catalog to merge applications set up in the AirWatch catalog to the unified catalog, enable compliance check to verify that managed devices adhere to AirWatch compliance policies, and enable user password authentication through the AirWatch Cloud Connector (ACC). See Integrating AirWatch With VMware Identity Manager.

Setup > Preferences

The Preferences page displays features that the admin can enable. These include the following:

  • Persistent cookies can be enabled from this page. See Enable Persistent Cookie.

  • When local users are configured in your service, to show Local Users as a domain option on the sign-in page, enable Show Local Users on the login page.

The following is a description of the settings used to manage the services in the Identity and Access Management tab.

Figure 2. Identity & Access Management Manage Pages
Table 2. Identity and Access Management Manage Settings



Manage > Directories

The Directories page lists directories that you created. You create one or more directories and then sync those directories with your enterprise directory deployment. On this page, you can see the number of groups and users that are synced to the directory and the last sync time. You can click Sync Now to start the directory sync.

See Integrating with Your Enterprise Directory.

When you click a directory name, you can edit the sync settings, navigate to the Identity Providers page, and view the sync log.

From the directory's sync settings page, you can schedule the sync frequency, see the list of domains associated with this directory, change the mapped attributes list, update the users and groups list that syncs, and set the safeguard targets.

Manage > Identity Providers

The Identity Providers page lists the identity providers that you configured. The connector is the initial identity provider. You can add third-party identity provider instances or have a combination of both. The VMware Identity Manager Built-in identity provider can be configured for authentication.

See Add and Configure an Identity Provider Instance.

Manage > Password Recovery Assistant

On the Password Recovery Assistant page, you can change the default behavior when the end user clicks "Forgot password" on the sign-in screen.

Manage > Policies

The Policies page lists the default access policy and any other Web application access policies you created. Policies are a set of rules that specify criteria that must be met for users to access their My Apps portal or to launch Web applications that are enabled for them. You can edit the default policy and, if Web applications are added to the catalog, you can add new policies to manage access to these Web applications. See Managing Access Policies.