A local directory is one of the types of directories that you can create in the VMware Identity Manager service. A local directory enables you to provision local users in the service and provide them access to specific applications, without having to add them to your enterprise directory. A local directory is not connected to an enterprise directory and users and groups are not synced from an enterprise directory. Instead, you create local users directly in the local directory.
A default local directory, named System Directory, is available in the service. You can also create other local directories.
The System Directory is a local directory that is automatically created in the service when it is first set up. This directory uses a domain called System Domain. You cannot change the directory or domain name of the System Directory, or add new domains to it. You cannot delete the System Directory or the System Domain.
The local administrator user that is created when you first set up the VMware Identity Manager appliance is created in the System Domain of the System Directory.
You can add other local users to the System Directory. The System Directory is typically used to set up a few local administrator users to manage the service. To provision end users and additional administrators and entitle them to applications, creating a new local directory is recommended.
Besides the System Directory, other local directories can be created. Each local directory can have one or more domains. When you create local users, you specify the directory and domain for users.
You can select user attributes that are required for the local users. User attributes such as userName, lastName, firstName, and email are specified at the global level in the VMware Identity Manager service and are required. Global user attributes apply to all directories in the service. At the local directory level, you can select other attributes that are required for the directory. Selecting other attributes allows you create a custom set of attributes for each local directory.
Creating local directories with customized mapped attributes is useful in scenarios such as the following.
- You can create a local directory for a specific type of user that is not part of your enterprise directory. For example, you can create a local directory for partners, and provide partners access to only the specific applications they need.
- If you want different user attributes or authentication methods for different sets of users, you can create different local directories. For example, you can create a local directory for distributors that has user attributes such as region and market size, and another local directory for suppliers that has user attributes such as product category and supplier type.
Identity Provider for System Directory and Local Directories
By default, the System Directory is associated with an identity provider named System Identity Provider. The Password (Cloud Directory) method is enabled by default on this identity provider and applies to the default_access_policy_set policy for the ALL RANGES network range and the Web Browser device type. You can configure additional authentication methods and set authentication policies.
When you create a new local directory, it is not associated with any identity provider. After creating the local directory, create a new identity provider of type Embedded and associate the directory with it. Enable the Password (Cloud Directory) authentication method on the identity provider. Multiple local directories can be associated with the same identity provider.
The VMware Identity Manager connector is not required for either the System Directory or for local directories you create.
For more information, see "Configuring User Authentication in VMware Identity Manager" in VMware Identity Manager Administration.
Password Management for Local Directory Users
By default, all users of local directories can change their password in the user portal or from the app. You can set a password policy for local users. You can also reset local user passwords as needed.
Users can change their passwords when they are logged into the Workspace ONE portal by clicking their name in the top-right corner, selecting Account from the drop-down menu, and clicking the Change Password link. In the Workspace ONE app, users can change their passwords by clicking the triple-bar menu icon and selecting Password.
For information on setting password policies and resetting local user passwords, see "Managing Users and Groups" in VMware Identity Manager Administration.