To use your VMware Identity Manager tenant, you need an on-premises component for user authentication and directory integration. Two main types of deployment models are available, one that integrates with a Workspace ONE UEM deployment, and one that does not require Workspace ONE UEM and uses the VMware Identity Manager connector.
You can also combine deployment models if you require functionality that is not supported in one of the models.
Deployment Model using AirWatch Cloud Connector
If you have an existing Workspace ONE UEM deployment, you can integrate your VMware Identity Manager tenant with it quickly. In this model, user and group sync from your enterprise directory and user authentication are handled by Workspace ONE UEM. There are no additional deployment requirements for VMware Identity Manager.
Note that integrating VMware Identity Manager with resources such as Horizon 7 and Citrix-published resources is not supported in this model. Only integration with Web applications and native mobile applications is supported.
Deployment Model using VMware Identity Manager Connector (in outbound-only connection mode)
To use your VMware Identity Manager tenant in a scenario that does not require a Workspace ONE UEM deployment, you install the VMware Identity Manager connector virtual appliance on premises. The connector connects the tenant with on-premises services such as Active Directory. In this model, user and group sync from your enterprise directory and user authentication are handled by the VMware Identity Manager connector. The connector is installed in outbound-only connection mode and does not require inbound firewall port 443 to be opened.
Adding Kerberos authentication support to your deployment
You can add Kerberos authentication for internal users (which requires inbound connection mode) to your deployment of outbound-only connection mode connectors.
VMware Identity Manager Connector Legacy Deployment Model
The VMware Identity Manager connector can also be installed in legacy mode, which requires opening inbound firewall port 443 to the connector.
For information about installing and configuring the connector in this model, see Installing and Configuring VMware Identity Manager Connector (Legacy Mode).