One Built-in identity provider is available on the Identity & Access Management > Identity Providers page of the admin console. You can create additional built-in identity providers.

The Built-in identity provider that is available can be configured to service authentication methods that do not require a connector, as well as authentication methods that are configured on a connector deployed behind the DMZ in outbound-only connection mode to the VMware Identity Manager service.

Authentication methods that you configure in this Built-in identity provider can be enabled in other built-in identity providers you add. You do not need to configure authentication methods in the built-in identity providers you add.

The following authentication methods do not require a connector and are configured from the default Built-in identity provider.

  • Mobile SSO for iOS

  • Certificate (cloud deployment)

  • Password using the AirWatch Connector

  • VMware Verify for two-factor authentication

  • Mobile SSO for Android

  • Device Compliance with AirWatch

  • Password (local directory)


The outbound-only connection mode does not require any firewall port to be opened.

If users and groups are located in an enterprise directory, you must sync them into the VMware Identity Manager service before the authentication methods configured in the Built-in identity provider can be used.

After you enable the authentication methods, create access policies that apply to them.