If you have an existing AirWatch deployment, you can integrate VMware Identity Manager with it. You deploy the VMware Identity Manager virtual appliance in the DMZ. In this model, user and group sync from your enterprise directory, and user authentication, are handled by AirWatch.
Note that integrating VMware Identity Manager with resources such as Horizon 7 or Citrix-published resources is not supported in this model. Only integration with Web applications and native mobile applications is supported.
If you plan to configure Android SSO, enable SSL pass-through on port 5262 at the load balancer in front of VMware Identity Manager.
You must have the following components:
An AirWatch server deployment
An AirWatch Cloud Connector instance deployed on premises and integrated with your enterprise directory
The following ports are required for the VMware Identity Manager server:
Inbound 443 (HTTPS)
Inbound 88 (TCP/UDP) - iOS SSO only
Inbound 5262 (HTTPS) - Android SSO only
For AirWatch deployment requirements, see the AirWatch documentation.
Supported Authentication Methods
This deployment model supports the following authentication methods. These methods are available through the VMware Identity Manager Built-in identity provider.
Password (AirWatch Connector)
Mobile SSO (for iOS)
Mobile SSO (for Android)
Device Compliance (with AirWatch)
Certificate (cloud deployment)
In addition, inbound SAML through a third-party identity provider is also available.
Supported Directory Integrations
You integrate your enterprise directory with AirWatch. See the AirWatch documentation for the types of directories supported.
You can integrate the following types of resources with VMware Identity Manager in this deployment model:
Native mobile applications
You cannot integrate the following resources with VMware Identity Manager in this deployment model:
Horizon 7, Horizon 6, or View desktop and application pools
ThinApp packaged applications
Horizon Air - Cloud Hosted Apps and Desktop