Authentication methods that are configured on a connector deployed behind the DMZ in an outbound-only connection mode can be associated to the built-in identity provider when you configure the built-in identity provider.
Prerequisites
- Users and groups located in an enterprise directory must be synced to VMware Identity Manager Directory.
- List of the network ranges that you want to direct to the built-in identity provider instance for authentication.
- To enable authentication methods from the built-in identity provider, make sure that the authentication methods are configured in the connector.
Procedure
- In the VMware Identity Manager console Identity & Access Management tab, go to .
- Select the identity provider labeled Built-in and configure the identity provider details.
Option Description Identity Provider Name Enter the name for this built-in identity provider instance. Users Select which users to authentication. The configured directories are listed. Network The existing network ranges configured in the service are listed. Select the network ranges for the users based on the IP addresses that you want to direct to this identity provider instance for authentication. Authentication Methods The authentication methods that are configured in the Identity & Access Management Manage > Auth Methods page are displayed. Select the check box for the authentication methods to associate to the identity provider. For Device Compliance (with Workspace ONE UEM) and Password (AirWatch Connector), make sure that the option is enabled in the AirWatch configuration page.
Connector(s) Select the connector that is configured in outbound-only connection mode. Connector Authentication Methods Authentication methods configured on the connector are listed in this section. Select the check box to associate the authentication methods. - If you are using Built-in Kerberos authentication, download the KDC issuer certificate to use in the Workspace ONE UEM configuration of the iOS device management profile.
- Click Save.
