The connector is a part of the VMware Identity Manager service. When you install a VMware Identity Manager virtual appliance, a connector component is always included by default.

The connector performs the following functions.

  • Syncs user and group data between your enterprise directory and the corresponding directory you create in the service.

  • When used as an identity provider, authenticates users to the service.

    The connector is the default identity provider.

As a connector is already available as part of the service, in typical deployments you do not need to install an additional connector.

In some scenarios, however, you might need an additional connector. For example:

  • If you have multiple directories of type Active Directory (Integrated Windows Authentication), you need a separate connector for each.

    A connector instance can be associated with multiple directories. A partition called the worker is created in the connector for each directory. However, you cannot have two workers of the Integrated Windows Authentication type in the same connector instance.

  • If you want to manage users' access based on whether they sign in from an internal or external location.

  • If you want to use certificate-based authentication but your load balancer is configured to terminate SSL at the load balancer. Certificate authentication requires SSL pass-through at the load balancer.

To install an additional connector, you perform the following tasks.

  • Download the connector OVA package.

  • Generate an activation token in the service.

  • Deploy the connector virtual appliance.

  • Configure connector settings.

Any additional connectors you deploy appear in the service user interface.