You can integrate NSX-T Data Center with VMware Identity Manager (vIDM), which provides identity management services.
The vIDM server should have a certificate signed by a certificate authority (CA). Otherwise, logging in to vIDM from NSX Manager might not work with certain browsers, such as Microsoft Edge or Internet Explorer 11. For information about installing a CA-signed certificate on vIDM, see the VMware Identity Manager documentation at https://docs.vmware.com/en/VMware-Identity-Manager/index.html.
With vIDM enabled, you can still log in to NSX Manager with a local user account if you use the URL
If you use the UserPrincipalName (UPN) to log in to vIDM, authentication to NSX-T might fail. To avoid this issue, use a different type of credentials, for example, SAMAccountName.
If using NSX Cloud, you can log in to CSM separately using the URL
- Verify that you have the certificate thumbprint from the vIDM host. See Obtain the Certificate Thumbprint from a vIDM Host.
- Verify that NSX Manager is registered as an OAuth client to the vIDM host. During the registration process, note the client ID and the client secret. For more information, see the VMware Identity Manager documentation at https://docs.vmware.com/en/VMware-Identity-Manager/index.html.
NSX Cloud Note: If using NSX Cloud, also verify that CSM is registered as an OAuth client on the vIDM host.
- From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
- Select .
- Click the Configuration tab.
- Click Edit.
- To enable external load balancer integration, click the External Load Balancer Integration toggle.
Note: If you have Virtual IP (VIP) set up (check ), you cannot use the External Load Balancer Integration even if you enable it. This is because you can either have VIP or the External Load Balancer while configuring vIDM but not both. Disable VIP if you want to use the External Load Balancer. See Configure a Virtual IP (VIP) Address for a Cluster in the NSX-T Data Center Installation Guide for details.
- To enable VMware Identity Manager integration, click the VMware Identity Manager Integration toggle.
- Provide the following information.

| Parameter | Description |
|---|---|
| VMware Identity Manager Appliance | The fully qualified domain name (FQDN) of the vIDM host. |
| OAuth Client ID | The ID that is created when registering NSX Manager to the vIDM host. |
| OAuth Client Secret | The secret that is created when registering NSX Manager to the vIDM host. |
| SSL Thumbprint | The certificate thumbprint of the vIDM host. |
| NSX Appliance | The IP address or fully qualified domain name (FQDN) of NSX Manager. If you are using an NSX Manager cluster, use the load balancer FQDN or cluster VIP FQDN or IP address. If you specify a FQDN, you must access NSX Manager from a browser using the manager's FQDN in the URL, and if you specify an IP address, you must use the IP address in the URL. Alternatively, the vIDM administrator can configure the NSX Manager client so that you can connect using either the FQDN or the IP address. |

- Click Save.
- If using NSX Cloud, repeat steps 1 through 8 from the CSM appliance by logging in to CSM instead of NSX Manager.
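
The SSL Thumbprint field takes the certificate thumbprint of the vIDM host, so it is worth confirming that the value you enter matches the certificate the host actually presents. The following is an added example, not VMware code: it assumes the thumbprint is the SHA-256 fingerprint of the DER-encoded certificate, and the function names and sample bytes are illustrative.

```python
import hashlib
import hmac
import re
import ssl

def der_thumbprint(der: bytes) -> str:
    """SHA-256 over the DER certificate bytes, as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def pem_thumbprint(pem: str) -> str:
    """Thumbprint of a PEM certificate; the hash covers the decoded DER, not the PEM text."""
    return der_thumbprint(ssl.PEM_cert_to_DER_cert(pem))

def normalize_thumbprint(value: str) -> str:
    """Strip colons, whitespace and case so differently formatted copies compare equal."""
    compact = re.sub(r"[\s:]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", compact):
        # For example, a 40-digit SHA-1 fingerprint pasted by mistake.
        raise ValueError("expected 64 hex digits (SHA-256 thumbprint)")
    return compact

def thumbprint_matches(pem: str, trusted: str) -> bool:
    """True only if the certificate hashes to the thumbprint obtained out of band."""
    return hmac.compare_digest(normalize_thumbprint(pem_thumbprint(pem)),
                               normalize_thumbprint(trusted))

def fetch_pem(host: str, port: int = 443) -> str:
    """Fetch the certificate a host presents, without validating its chain."""
    return ssl.get_server_certificate((host, port))

# Constructed stand-in bytes, not a real certificate: the thumbprint is a hash
# over whatever DER bytes the server presents, so any byte string shows the check.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
TAMPERED_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER + b"\x00")

if __name__ == "__main__":
    trusted = der_thumbprint(SAMPLE_DER)  # stands in for the value recorded on the vIDM host
    print(trusted)
    print(thumbprint_matches(SAMPLE_PEM, trusted.lower().replace(":", "")))  # same certificate
    print(thumbprint_matches(TAMPERED_PEM, trusted))                         # different certificate
```

Against a live host, pass `fetch_pem("<vidm-fqdn>")` as the first argument and the thumbprint recorded on the vIDM host itself as the second; a mismatch means the certificate seen over the network is not the one you recorded.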