From the Identity and Access Management tab in the VMware Identity Manager console, you can set up and manage the authentication methods, access policies, and directory service, and customize the end-user portal and VMware Identity Manager console branding.

The following is a description of the setup settings in the Identity and Access Management tab.

Table 1. Identity and Access Management Setup Settings
Setting Description

Setup > Connectors

The Connectors page lists the connectors that are deployed inside your enterprise network. The connector is used to sync user and group data between your enterprise directory and the service. When the connector is used as the identity provider, it authenticates users to the service.

When you associate a directory with a connector instance, the connector creates a partition for the associated directory called a worker. A connector instance can have multiple workers associated with it. Each worker acts as an identity provider. You define and configure authentication methods per worker.

The connector syncs user and group data between your enterprise directory and the service through one or more workers.

Before you can add a connector, click Add Connector to generate an activation code. You paste this activation code in the Setup wizard to establish the communication with the connector.

Setup > Custom Branding

In the Custom Branding page, you can customize the appearance of the VMware Identity Manager console header and sign-in screen. See Customize Branding in VMware Identity Manager Service.

To customize the end-user Web portal, mobile and tablet views, go to Catalog > Settings > User Portal Branding. See Customize Branding for the User Portal.

Setup > User Attributes

The User Attributes page lists the default user attributes that sync in the directory. You can add other attributes that you can map to Active Directory attributes. See the Directory Integration with VMware Identity Manager guide.

Setup > Auto Discovery

When VMware Identity Manager and Workspace ONE UEM are integrated, you can integrate the Windows Auto-Discovery service that you deployed in your Workspace ONE UEM configuration with the VMware Identity Manager service. For more details about setting up auto discovery in Workspace ONE UEM in on-premises deployments, see the Workspace ONE UEM documentation, VMware Workspace ONE UEM Windows Autodiscovery Service Installation Guide.

Register your email domain to use the auto-discovery service to make it easier for users to access their apps portal using Workspace ONE. End users can enter their email addresses instead of the organization's URL when they access their apps portal through Workspace ONE.

Setup > AirWatch

On this page, you can set up integration with Workspace ONE UEM. After integration is set up and saved, you can enable the unified catalog to merge applications set up in the Workspace ONE catalog to the unified catalog, enable compliance check to verify that managed devices adhere to Workspace ONE UEM compliance policies, and enable user password authentication through the AirWatch Cloud Connector (ACC). See the Guide to Deploying VMware Workspace ONE.

Setup > Preferences

The Preferences page displays features that the admin can enable. This page includes the following preferences.

  • The Show the System Domain on Login Page option can be enabled.
  • Persistent cookies can be enabled from this page. See Enable Persistent Cookie.
  • Enable Hide Domain Drop-Down Menu when you do not want to require users to select their domain before they log in.
  • Select the User Sign-in Unique Identifier option to display the identifier-based login page. See Managing the User Login Experience.
  • Customize the Sign-in Input Prompt can be used to customize the prompt in the user text box on the sign-in screen.

Setup > Terms of Use

On this page, you can set up Workspace ONE terms of use and ensure that end users accept these terms of use before using the Workspace ONE portal.

The following is a description of the settings used to manage the services in the Identity and Access Management tab.

Table 2. Identity and Access Management Manage Settings
Setting Description
Manage > Directories

The Directories page lists directories that you created. You create one or more directories and then sync those directories with your enterprise directory deployment. On this page, you can see the number of groups and users that are synced to the directory and the last sync time. You can click Sync Now to start the directory sync.

See the Directory Integration with VMware Identity Manager guide.

When you click a directory name, you can edit the sync settings, navigate to the Identity Providers page, and view the sync log.

From the directory's sync settings page, you can schedule the sync frequency, see the list of domains associated with this directory, change the mapped attributes list, update the list of users and groups that syncs, and set the safeguard targets.

Manage > Identity Providers

The Identity Providers page lists the identity providers that you configured. The connector is the initial identity provider. You can add third-party identity provider instances or have a combination of both. The VMware Identity Manager Built-in identity provider can be configured for authentication.

See Add and Configure an Identity Provider Instance.

Manage > Password Recovery Assistant

On the Password Recovery Assistant page, you can change the default behavior when the end user clicks "Forgot password" on the sign-in screen.

Manage > Authentication Methods

The Authentication Methods page is used to configure authentication methods that can be associated with built-in identity providers. After you configure the authentication methods on this page, you associate the authentication method in the built-in identity provider page.

Manage > Policies

The Policies page lists the default access policy and any other Web application access policies you created. You configure the network ranges of IP addresses from which users are allowed access.

Policies are a set of rules that specify criteria that must be met for users to access their Workspace ONE portal or to launch Web applications that are enabled for them. You can edit the default policy and, if Web applications are added to the catalog, add new policies to manage access to these Web applications. See Managing Access Policies.