A local directory is one of the types of directories that you can create in the VMware Identity Manager service. A local directory enables you to provision local users in the service and provide them access to specific applications, without having to add them to your enterprise directory. A local directory is not connected to an enterprise directory and users and groups are not synced from an enterprise directory. Instead, you create local users directly in the local directory.
A default local directory, named System Directory, is available in the service. You can also create multiple new local directories.
System Directory
The System Directory is a local directory that is automatically created in the service when it is first set up. This directory has the domain System Domain. You cannot change the name or domain of the System Directory, or add new domains to it. Nor can you delete the System Directory or the System Domain.
The local administrator user that is created when you first set up the VMware Identity Manager appliance is created in the System Domain of the System Directory.
You can add other users to the System Directory. The System Directory is typically used to set up a few local administrator users to manage the service. To provision end users and additional administrators and entitle them to applications, creating a new local directory is recommended.
Local Directories
You can create multiple local directories. Each local directory can have one or more domains. When you create a local user, you specify the directory and domain for the user.
You can also select attributes for all the users in a local directory. User attributes such as userName, lastName, and firstName are specified at the global level in the VMware Identity Manager service. A default list of attributes is available and you can add custom attributes. Global user attributes apply to all directories in the service, including local directories. At the local directory level, you can select which attributes are required for the directory. This allows you to have a custom set of attributes for different local directories. Note that userName, lastName, firstName, and email are always required for local directories.
Creating local directories is useful in scenarios such as the following.
- You can create a local directory for a specific type of user that is not part of your enterprise directory. For example, you can create a local directory for partners, who are not usually part of your enterprise directory, and provide them access to only the specific applications they need.
- You can create multiple local directories if you want different user attributes or authentication methods for different sets of users. For example, you can create a local directory for distributors that has user attributes such as region and market size, and another local directory for suppliers that has user attributes such as product category and supplier type.
Identity Provider for System Directory and Local Directories
By default, the System Directory is associated with an identity provider named System Identity Provider. The Password (Cloud Directory) method is enabled by default on this identity provider and applies to the default_access_policy_set policy for the ALL RANGES network range and the Web Browser device type. You can configure additional authentication methods and set authentication policies.
When you create a new local directory, it is not associated with any identity provider. After creating the directory, create a new identity provider of type Embedded and associate the directory with it. Enable the Password (Cloud Directory) authentication method on the identity provider. Multiple local directories can be associated with the same identity provider.
The VMware Identity Manager connector is not required for either the System Directory or for local directories you create.
For more information, see "Configuring User Authentication in VMware Identity Manager" in VMware Identity Manager Administration.
Password Management for Local Directory Users
By default, all users of local directories have the ability to change their password in the Workspace ONE portal or app. You can set a password policy for local users. You can also reset local user passwords as needed.
Users can change their passwords when they are logged into the Workspace ONE portal by clicking their name in the top-right corner, selecting Account from the drop-down menu, and clicking the Change Password link. In the Workspace ONE app, users can change their passwords by clicking the triple-bar menu icon and selecting Password.
For information on setting password policies and resetting local user passwords, see "Managing Users and Groups" in VMware Identity Manager Administration.