To enable outbound-only connection mode for the VMware Identity Manager Connector, associate the connector with the Built-in identity provider.
The Built-in identity provider is available by default in the VMware Identity Manager service and provides additional built-in authentication methods such as VMware Verify. For information about the Built-in identity provider, see the VMware Identity Manager Administration Guide.
The connector can be used in both outbound and regular mode simultaneously. Even if you enable outbound mode, you can still configure Kerberos authentication for internal users using authentication methods and policies.
- In the VMware Identity Manager console, select the Identity & Access Management tab, then click Manage.
- Click the Identity Providers tab.
- Click the Built-in link.
- Enter the following information.
Select the directory or domains that will use the Built-in identity provider.
Select the network ranges that will use the Built-in identity provider.
Select the connector that you set up.Note:
Later, when you add additional connectors for high availability, select and add all of them here to associate them with the Built-in identity provider. VMware Identity Manager automatically distributes traffic among all the connectors associated with the Built-in identity provider. A load balancer is not required.
Connector Authentication Methods
The deployment methods that you enabled for the connector are listed. Select the authentication methods that you want to use.
The PasswordIdpAdapter, which was automatically configured and enabled when you created a directory, is displayed on this page as Password (cloud deployed), which denotes that it is used with the connector in outbound mode.
- Click Save to save the Built-in identity provider configuration.
- Edit policies to use the authentication methods that you enabled.
- In the Identity & Access Management tab, click Manage.
- Click the Policies tab and click the policy you want to edit.
- Under Policy Rules, for the rule you want to edit, click the link in the Authentication Method column.
- In the Edit Policy Rule page, select the authentication method that you want to use for this rule.
- Click OK.
- Click Save.
For more information about configuring policies, see the VMware Identity Manager Administration Guide.
The outbound mode of the connector is now enabled. When a user logs in using one of the authentication methods that you enabled for the connector in the Built-in identity provider page, an HTTP redirect to the connector is not required.