To enable the integration of the NSX Policy Manager with vIDM, you must provide information about the vIDM host.
The vIDM server should have a certificate signed by a certificate authority (CA). Otherwise, logging in to vIDM from NSX Policy Manager might not work with certain browsers, such as Microsoft Edge or Internet Explorer 11. For information about installing a CA-signed certificate on vIDM, see https://docs.vmware.com/en/VMware-Identity-Manager/3.1/vidm-install/GUID-B76761BF-4B12-4CD5-9366-B0A1A2BF2A8B.html.
When you register the NSX Policy Manager with vIDM, you specify a redirect URI that points to the Policy Manager. You can provide either the fully qualified domain name (FQDN) or the IP address. Note which one you use, because when you log in to the Policy Manager through vIDM, the host name in the URL must be specified the same way. If you used the FQDN when registering the manager with vIDM, you must use the FQDN in the URL. If you used the IP address when registering the manager with vIDM, you must use the IP address in the URL. Otherwise, login will fail.
- Verify that you have the certificate thumbprint from the vIDM host. See Obtain the Certificate Thumbprint from a vIDM Host.
- Verify that NSX Policy Manager is registered as an OAuth client to the vIDM host. During the registration process, note the client ID and the client secret. For more information, see the VMware Identity Manager documentation at https://www.vmware.com/support/pubs/identitymanager-pubs.html.
- From your browser, log in to the NSX Policy Manager at https://nsx-policy-manager-IP-address.
- Select from the navigation panel.
- Click the Configuration tab.
- Click Edit.
- Click the VMware Identity Manager Integration toggle to Enabled.
- Provide the following information.
| Parameter | Description |
| --- | --- |
| VMware Identity Manager Appliance | The fully qualified domain name (FQDN) of the vIDM host. |
| OAuth Client ID | The ID that is created when registering NSX Policy Manager to the vIDM host. |
| OAuth Client Secret | The secret that is created when registering NSX Policy Manager to the vIDM host. |
| SHA-256 Thumbprint | The certificate thumbprint of the vIDM host. |
| NSX Policy Appliance | The IP address or fully qualified domain name (FQDN) of NSX Policy Manager. If you specify a FQDN, you must access NSX Policy Manager from a browser using the manager's FQDN in the URL, and if you specify an IP address, you must use the IP address in the URL. Alternatively, the vIDM administrator can configure the NSX Policy Manager client so that you can connect using either the FQDN or the IP address. |
- Click Save.
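
A pre-flight check for the values entered in this procedure, as an added example that is not part of the VMware documentation: it compares the entered SHA-256 thumbprint with the one computed from the vIDM certificate and confirms that the login URL uses the same host form (FQDN or IP address) as the registration. The function names, `SAMPLE_PEM` and the `example.com` / `192.0.2.10` hosts are assumptions, and the check assumes the vIDM client accepts only the single registered host.

```python
import hashlib
import ipaddress
import re
import ssl
from urllib.parse import urlsplit

# Constructed stand-in bytes, NOT a real certificate. In practice, load the
# PEM certificate exported from the vIDM host instead.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-vidm-certificate-bytes")

def sha256_thumbprint(pem_cert):
    """SHA-256 over the DER encoding of the certificate, as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert.strip())
    return hashlib.sha256(der).hexdigest()

def normalize_thumbprint(value):
    """Accept 'AA:BB:..', spaced or bare hex; return 64 lowercase hex digits."""
    hexed = re.sub(r"[:\s]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexed):
        raise ValueError("not a SHA-256 thumbprint (need 64 hex digits)")
    return hexed

def host_kind(host):
    """Classify a host string as 'ip' or 'fqdn'."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "fqdn"

def preflight(pem_cert, entered_thumbprint, registered_host, login_url):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    try:
        if normalize_thumbprint(entered_thumbprint) != sha256_thumbprint(pem_cert):
            problems.append("thumbprint does not match the vIDM certificate")
    except ValueError as exc:  # malformed thumbprint or malformed PEM
        problems.append(str(exc))
    # The browser URL must name the manager exactly as it was registered.
    url_host = (urlsplit(login_url).hostname or "").lower()
    if url_host != registered_host.lower():
        problems.append(
            f"login URL uses {host_kind(url_host)} '{url_host}' but the manager "
            f"was registered with {host_kind(registered_host)} '{registered_host}'"
        )
    return problems
```
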