To enable the integration of the NSX Policy Manager with vIDM, you must provide information about the vIDM host.

The vIDM server should have a certificate signed by a certificate authority (CA). Otherwise, logging in to vIDM from NSX Policy Manager might not work with certain browsers, such as Microsoft Edge or Internet Explorer 11. For information about installing a CA-signed certificate on vIDM, see https://docs.vmware.com/en/VMware-Identity-Manager/3.1/vidm-install/GUID-B76761BF-4B12-4CD5-9366-B0A1A2BF2A8B.html.

When you register the NSX Policy Manager with vIDM, you specify a redirect URI that points to the Policy Manager. You can provide either the fully qualified domain name (FQDN) or the IP address. Note which one you use: when you log in to the Policy Manager through vIDM, the host name in the URL must take the same form. If you registered the manager with the FQDN, use the FQDN in the URL; if you registered it with the IP address, use the IP address in the URL. Otherwise, login will fail.

Prerequisites

Procedure

  1. From your browser, log in to the NSX Policy Manager at https://nsx-policy-manager-IP-address.
  2. Select System > Users from the navigation panel.
  3. Click the Configuration tab.
  4. Click Edit.
  5. Click the VMware Identity Manager Integration toggle to Enabled.
  6. Provide the following information.
    | Parameter | Description |
    |---|---|
    | VMware Identity Manager Appliance | The fully qualified domain name (FQDN) of the vIDM host. |
    | OAuth Client ID | The ID that is created when registering NSX Policy Manager to the vIDM host. |
    | OAuth Client Secret | The secret that is created when registering NSX Policy Manager to the vIDM host. |
    | SHA-256 Thumbprint | The certificate thumbprint of the vIDM host. |
    | NSX Policy Appliance | The IP address or fully qualified domain name (FQDN) of NSX Policy Manager. If you specify a FQDN, you must access NSX Policy Manager from a browser using the manager's FQDN in the URL, and if you specify an IP address, you must use the IP address in the URL. Alternatively, the vIDM administrator can configure the NSX Policy Manager client so that you can connect using either the FQDN or the IP address. |
  7. Click Save.
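
A pre-flight check for the values entered in step 6, added here as an example and not VMware code: it recomputes the SHA-256 thumbprint from the vIDM certificate and confirms that the login URL names the manager in the same form (FQDN or IP address) that was registered. The function names, the example.com hosts, the accepted thumbprint input forms, and the sample certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
import ssl
from urllib.parse import urlsplit

# Constructed stand-in bytes, NOT a real certificate; the hash is taken over
# whatever DER bytes the PEM wraps, so the check behaves the same way.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed sample DER for vidm.example.com")

def sha256_thumbprint(pem_cert):
    """SHA-256 over the certificate's DER encoding, as 64 lowercase hex chars."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_cert)).hexdigest()

def normalize_thumbprint(value):
    """Accept colon-separated or plain hex (assumed input forms)."""
    hexed = value.replace(":", "").strip().lower()
    if len(hexed) != 64 or any(c not in "0123456789abcdef" for c in hexed):
        raise ValueError("not a SHA-256 thumbprint: expected 32 bytes of hex")
    return hexed

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def preflight(vidm_appliance, thumbprint, vidm_pem, nsx_appliance, login_url):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if is_ip(vidm_appliance):
        problems.append("VMware Identity Manager Appliance must be an FQDN")
    if normalize_thumbprint(thumbprint) != sha256_thumbprint(vidm_pem):
        problems.append("SHA-256 Thumbprint does not match the vIDM certificate")
    # The browser URL must name the manager the same way it was registered
    # (FQDN vs IP), unless the vIDM administrator has allowed both forms.
    url_host = urlsplit(login_url).hostname or ""
    if url_host != nsx_appliance.lower():
        problems.append(f"login URL host {url_host!r} != registered {nsx_appliance!r}")
    return problems

if __name__ == "__main__":
    pinned = sha256_thumbprint(SAMPLE_PEM)
    print(preflight("vidm.example.com", pinned, SAMPLE_PEM,
                    "nsx.example.com", "https://192.0.2.10/"))
```

Against a live deployment the PEM can come from `ssl.get_server_certificate((host, 443))`; compare it with a thumbprint obtained out of band rather than trusting the first value fetched.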