VMware Identity Manager supports adding multiple tenants of a service provider to a VMware Identity Manager instance. If you have multiple tenants of an app such as Office 365 that may be used by different lines of business in your organization, you can add all the tenants to a single instance of VMware Identity Manager. This enables you to manage SSO and access to all the tenants from one location.

To add multiple tenants, you add multiple copies of the app to the VMware Identity Manager catalog and then modify the configuration of each. Map each copy of the app to a different tenant of the service provider. Each tenant can have one or more domains. You also need to entitle users to the appropriate copy of the app.

When users log in to Workspace ONE and click the app to which they are entitled, the correct app is launched. When users log in to the service provider directly, the service provider redirects them to VMware Identity Manager for authentication. VMware Identity Manager then authenticates the user and launches the correct app based on the user's entitlements.

Procedure

  1. In the VMware Identity Manager console, select the Catalog > Web Apps tab.
  2. Click New.
  3. Select the app from the cloud application catalog by either typing its name in the search box or clicking "browse from the catalog" and selecting it.
    The fields on the Definition and Configuration pages are partially populated.
  4. Follow the wizard to configure the app and click Save.
  5. Create a copy of the app by doing one of the following:
    • Create a new app by clicking New in the Catalog > Web Apps page and adding the app from the cloud application catalog.
    • Copy the app by clicking the app in the Catalog > Web Apps page, then clicking Copy.
    Edit fields such as the name and description so that the new app can be easily identified.
  6. Configure each copy of the app for the appropriate tenant.
    • Map each copy of the app to a different service provider tenant.
    • Ensure that users are unique across all service provider domains and tenants.
      Note: If the users are not unique, ensure that the service provider POST URLs, that is, the Assertion Consumer Service URLs that you enter in the VMware Identity Manager console, are unique across tenants.
  7. Configure user entitlements for each copy of the app. Entitle users to the appropriate tenant.
    1. In the Catalog > Web Apps tab, click the copy of the app that corresponds to the tenant.
    2. Click Assign.
    3. Select users and groups by typing the names in the search box and selecting from the results.
    4. Select the deployment type for each user and group.
      Regardless of whether you select the User Activated or Automatic option, the application is added to the Catalog page in Workspace ONE. Users can run the application from the Catalog page or move it to the Bookmarks page. However, if you want to set up an approval flow for the app, you must select User Activated for the app.
    5. Click Save.
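The uniqueness rules in step 6 can be checked before entitling users. The following is an added example, not VMware code: it audits a constructed inventory of app copies, and the app names, tenant domains, URLs, user names and the `normalize_acs` comparison rule are all assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed inventory: one entry per copy of the app in the catalog (hypothetical values).
APP_COPIES = [
    {"name": "Office 365 - Sales", "tenant": "sales.example.com",
     "acs_url": "https://login.example.test/sso/sales", "users": {"alice", "bob"}},
    {"name": "Office 365 - Engineering", "tenant": "eng.example.com",
     "acs_url": "https://login.example.test/sso/eng", "users": {"carol", "bob"}},
    {"name": "Office 365 - Finance", "tenant": "fin.example.com",
     "acs_url": "HTTPS://Login.Example.Test/sso/sales/", "users": {"dave"}},
]

def normalize_acs(url):
    """Assumed comparison rule: ignore scheme/host case and a trailing slash,
    so near-identical Assertion Consumer Service URLs count as the same URL."""
    parts = urlsplit(url.strip())
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path.rstrip('/')}"

def audit(app_copies):
    """Return (kind, key, app_names) findings for the uniqueness rules in step 6."""
    by_tenant, by_acs, by_user = defaultdict(list), defaultdict(list), defaultdict(list)
    for app in app_copies:
        by_tenant[app["tenant"].lower()].append(app["name"])
        by_acs[normalize_acs(app["acs_url"])].append(app["name"])
        for user in app["users"]:
            by_user[user.lower()].append(app["name"])

    def dupes(kind, index):
        # Any key that more than one app copy shares is a finding.
        return [(kind, key, sorted(names))
                for key, names in sorted(index.items()) if len(names) > 1]

    # Each copy must map to a different service provider tenant.
    findings = dupes("tenant_mapped_twice", by_tenant)
    # Users should be unique across all tenants.
    shared_users = dupes("user_in_multiple_tenants", by_user)
    findings += shared_users
    # Per the note in step 6: once users overlap, ACS URLs must be unique across tenants.
    if shared_users:
        findings += dupes("acs_url_not_unique", by_acs)
    return findings

if __name__ == "__main__":
    for kind, key, names in audit(APP_COPIES):
        print(f"{kind}: {key} -> {', '.join(names)}")
```

An empty result means every copy maps to its own tenant and either no user is entitled to more than one copy or, where users overlap, every Assertion Consumer Service URL is distinct.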