To configure the VMware Identity Manager service to provide Kerberos authentication for desktops, you must join to the domain and enable Kerberos authentication on the connector.


  1. In the VMware Identity Manager console Identity & Access Management tab, select Setup.
  2. In the Worker column for the connector, click Auth Adapters.
  3. Click KerberosIdpAdapter
    You are redirected to the identity manager sign-in page.
  4. Click Edit in the KerberosldpAdapter row and configure the Kerberos authentication page.
    Option Description
    Name A name is required. The default name is KerberosIdpAdapter. You can change the name.
    Directory UID Attribute Enter the account attribute that contains the user name.
    Enable Windows Authentication Select Enable Windows Authentication to extend authentication interactions between users' browsers and VMware Identity Manager.
    Enable NTLM Select Enable NTLM for NT LAN Manager (NTLM) protocol-based authentication only if your Active Directory infrastructure relies on NTLM authentication.
    Note: This option is only supported on Linux-based VMware Identity Manager.
    Enable Redirect If multiple connectors are configured in a cluster and Kerberos is set up for high availability behind a load balancer, select Enable Redirect and specify a value for Redirect Host Name.

    If only one connector is deployed, you do not need to use the Enable Redirect and Redirect Host Name options.

    Redirect Host Name A value is required if the Enable Redirect option is selected. Enter the connector's own hostname. For example, if the connector's host name is, enter in the text box.
  5. Click Save.

What to do next

Add the authentication method to the default access policy. Go to the Identity & Access Management > Manage > Policies page and edit the default policy rules to add the Kerberos authentication method to the rule in correct authentication order.