You can create a client to enable a single application to register with VMware Identity Manager services to allow user access to a specific application.


  1. In the administration console Catalog tab, select Settings > Remote App Access.
  2. On the Clients page, click Create Client.
  3. On the Create Client page, enter the following information about the application.



    Access Type

    Options are User Access Token or Service Client Token.

    Client ID

    Enter a unique client ID for the resource to be registered with VMware Identity Manager.


    Select Identity Manager.


    Select the appropriate scope. When you select NAAPS, OpenID is also selected.

    Redirect URI

    Enter the registered redirect URI.

    Advanced Section

    Shared Secret

    Click Generate Shared Secret to generate a secret that is shared between this service and the application resource service.

    Copy and save the client secret to configure in the application setup.

    The client secret must be kept confidential. If a deployed app cannot keep the secret confidential, then the secret is not used. The shared secret is not used with Web browser-based apps.

    Issue Refresh Token

    Deselect the checkbox.

    Token Type

    Select Bearer

    Token Length

    Leave the default setting, 32 Bytes.

    Issue Refresh Token

    Check Refresh Token.

    Access Token TTL

    (Optional) Change the Access Token Time-To-Live settings.

    Refresh Token TTL


    User Grant

    Do not check Prompt users for access.

  4. Click Add.


The client configuration is displayed on the OAuth2 Client page, along with the shared secret that was generated.

What to do next

Enter the Client ID and the shared secret in the resources configuration pages. See the application documentation.