To configure VMware Identity Manager to provide users access to ThinApp packages, you create a virtual apps collection which contains configuration information such as the path to the storage location of the packages, the connector to use for sync, and the sync schedule.

You can only create a single virtual apps collection for all your ThinApps integrations.


  • Create a network share with the appropriate configuration and store the ThinApp packages in the appropriate location in that network share. See Create a Network Share for ThinApp Packages That VMware Identity Manager Manages.
  • Verify that you have the UNC path to the network share folder where the ThinApp packages are located.
  • If the connector is not already domain-joined, verify that you have an Active Directory domain name and the username and password of an account in that Active Directory that has the rights to join the domain. Even if you are using account-based access, the VMware Identity Manager console requires the completion of the Join Domain page before you can use the ThinApp Packages page.

    To enable domain-based access, you must also join VMware Identity Manager to the same Active Directory domain to which the ThinApp package repository is joined. Verify that you have the Active Directory domain name for the domain that the network share uses and the username and password of an account in that Active Directory that has the rights to join the domain. The Active Directory account is used to join VMware Identity Manager to the domain.

  • When enabling account-based access, verify that you have a username and password that has permission to read the network share. See VMware Identity Manager Requirements for ThinApp Packages and the Network Share Repository.
    Note: Unless you want to restrict use of the ThinApp packages to domain-joined Windows systems for all runtime situations, you should enable account-based access in addition to domain-based access. This combination provides the most flexibility for supporting runtime situations where users need to use their entitled ThinApp packages without joining their Windows systems to the domain.
  • You must use an administrator role that can perform the Manage ThinApps action in the Catalog service.


  1. (VMware Identity Manager Linux virtual appliance only) If the connector is not already domain-joined, join it to the Active Directory domain.
    1. Log in to the VMware Identity Manager console.
    2. Select the Identity & Access Management tab.
    3. Click Setup.
    4. In the Connectors page, click Join Domain in the appropriate connector row.
    5. On the Join Domain page, type the information for the Active Directory domain and click Join Domain.
      Important: Do not use non-ASCII characters when you enter the Active Directory (AD) domain name, AD username, or AD password. Non-ASCII characters are not supported in these entry fields in the VMware Identity Manager console.
      Option Description
      AD Domain Type the fully qualified domain name of the Active Directory. An example is HS.TRDOT.COM.
      AD Username Type the username of an account in the Active Directory that has permissions to join systems to that Active Directory domain.
      AD Password

      Type the password associated with the AD Username. This password is not stored by VMware Identity Manager.

    The Join Domain page refreshes and displays a message that you are currently joined to the domain.
  2. Select the Catalog > Virtual Apps tab, then click Virtual Apps Configuration.
  3. Click Add Virtual Apps and select ThinApp Application.
  4. Enter a unique name for the collection.
  5. From the Sync Connectors drop-down menu, select the connector that you want to use to sync the resources in this collection.

    If you have set up multiple connectors for high availability, click Add Connector and select all the connectors that appear in the list. The order in which the connectors are listed determines the failover order.

    Important: Ensure that you add all the connectors. When an application is launched using HTTP_DOWNLOAD mode, the request may be sent to any of the connectors.
  6. In the Path text box, type the path to the shared folder where the ThinApp packages' folders are located, in the UNC path format \\server\share\subfolder. For example: \\DirectoryHost\ThinAppFileShare . For DirectoryHost, provide the hostname, not the IP address.
    For both CIFS and DFS network shares, this path must be a directory under the namespace, and not the namespace itself.
  7. To enable account based access to the stored ThinApp packages, select the check box and enter values in the Share User and Share Password text boxes.
    Account based access is required in the following cases:
    • For NetApp storage systems and other brands of DFS network shares
    • If you are using HTTP download deployment mode
    • If you want users to be able to use their entitled ThinApp packages on non-domain-joined Windows systems
    Option Description
    Share User Type the username for a user account that has read access to the network share.
    Share Password Type the password associated with the Share User user account.
  8. From the Sync Frequency drop-down menu, select how often you want to sync the resources in this collection.
    You can set up a regular sync schedule or choose to sync manually. If you select Manual, you must click Sync on the Virtual Apps Configuration page after you set up the collection and whenever there is a change in your ThinApp packages.
  9. From the Activation Type drop-down list, select how ThinApp packaged applications are made available to users in Workspace ONE.
    With both the User Activated and Automatic options, the resources are added to the Catalog page. Users can use the resources from the Catalog page or move them to the Bookmarks page. However, to set up an approval flow for any of the apps, you must select User Activated for that app.

    The activation policy that you select on this page applies to all user entitlements for all the resources in the collection. You can modify the activation policy for individual users or groups per resource, from the application or desktop's Entitlements page.

    Setting the activation policy for the collection to User Activated is recommended if you intend to set up an approval flow.

  10. Click Save.
    The collection is created and appears in the Virtual Apps page. The applications are not synced yet.
  11. To sync the applications in the collection, click Sync next to the collection in the Virtual Apps Configuration page.
    Each time ThinApp applications or entitlements change, a sync is required to propagate the changes to VMware Identity Manager.


VMware Identity Manager is now configured so that you can entitle groups and users to ThinApp packages, and those users can run their entitled ThinApp packages using the VMware Identity Manager Desktop application installed on their Windows systems.

What to do next

Entitle groups and users to ThinApp packages. See VMware Identity Manager Administration for information.