Authentication methods that are configured on a connector deployed behind the DMZ in an outbound-only connection mode can be associated to the built-in identity provider when you configure the built-in identity provider.


  • Users and groups located in an enterprise directory must be synced to VMware Identity Manager Directory.

  • List of the network ranges that you want to direct to the built-in identity provider instance for authentication.

  • To enable authentication methods from the built-in identity provider, make sure that the authentication methods are configured in the connector.


  1. In the Identity & Access Management tab, go to Manage > Identity Providers.
  2. Select the identity provider labeled Built-in and configure the identity provider details.



    Identity Provider Name

    Enter the name for this built-in identity provider instance.


    Select which users to authentication. The configured directories are listed.


    The existing network ranges configured in the service are listed. Select the network ranges for the users based on the IP addresses that you want to direct to this identity provider instance for authentication.

    Authentication Methods

    The authentication methods that are configured in the Identity & Access Management Manage > Auth Methods page are displayed. Select the check box for the authentication methods to associate to the identity provider.

    For Device Compliance (with AirWatch) and Password (AirWatch Connector), make sure that the option is enabled in the AirWatch configuration page.


    Select the connector that is configured in outbound-only connection mode.

    Connector Authentication Methods

    Authentication methods configured on the connector are listed in this section. Select the check box to associate the authentication methods.

  3. If you are using Built-in Kerberos authentication, download the KDC issuer certificate to use in the AirWatch configuration of the iOS device management profile.
  4. Click Save.