You must configure the Internet Explorer browser if Kerberos is configured for your deployment and if you want to grant users access to the Web interface using Internet Explorer.

Kerberos authentication works in conjunction with VMware Identity Manager on Windows operating systems.

Note: Do not implement these Kerberos-related steps on other operating systems.

Prerequisites

Configure the Internet Explorer browser for each user or provide users with the instructions after you configure Kerberos.

Procedure

  1. Verify that you are logged into Windows as a user in the domain.
  2. In Internet Explorer, enable automatic log in.
    1. Select Tools > Internet Options > Security.
    2. Click Custom level.
    3. Select Automatic login only in Intranet zone.
    4. Click OK.
  3. Verify that this instance of the connector virtual appliance is part of the local intranet zone.
    1. Use Internet Explorer to access the VMware Identity Manager VMware Identity Manager sign in URL at https://myconnectorhost.domain/authenticate/.
    2. Locate the zone in the bottom right corner on the status bar of the browser window.
      If the zone is Local intranet, Internet Explorer configuration is complete.
  4. If the zone is not Local intranet, add the VMware Identity Manager sign in URL to the intranet zone.
    1. Select Tools > Internet Options > Security > Local intranet > Sites.
    2. Select Automatically detect intranet network.
      If this option was not selected, selecting it might be sufficient for adding the to the intranet zone.
    3. (Optional) If you selected Automatically detect intranet network, click OK until all dialog boxes are closed.
    4. In the Local Intranet dialog box, click Advanced.
      A second dialog box named Local intranet appears.
    5. Enter the VMware Identity Manager URL in the Add this Web site to the zone text box.
      https://myconnectorhost.domain/authenticate/
    6. Click Add > Close > OK.
  5. Verify that Internet Explorer is allowed to pass the Windows authentication to the trusted site.
    1. In the Internet Options dialog box, click the Advanced tab.
    2. Select Enable Integrated Windows Authentication.
      This option takes effect only after you restart Internet Explorer.
    3. Click OK.
  6. Log in to the Web interface to check access.
    If Kerberos authentication is successful, the test URL goes to the Web interface.

Results

The Kerberos protocol secures all interactions between this Internet Explorer browser instance and VMware Identity Manager. Now, users can use single sign-on to access their Workspace ONE portal.