VMware Identity Manager for Linux 3.3.2 | April 2020 | Build 15951611 VMware Identity Manager (Windows) 3.3.2 | April 2020 | Build VMware Identity Manager Connector Installer.exe Release date: April 2020 Updated: December 8, 2020

NEW  12/08/2020       This release has been determined to be impacted by CVE-2020-4006. Fixes and workarounds are available to address this vulnerability. For more information, see VMSA-2020-0027.

What's in the Release Notes

The release notes cover the following topics:

• Products that can upgrade to VMware Identity Manager 3.3.2
• What's New in 3.3.2
• Internationalization
• Compatibility, Installation, and Upgrade
• Documentation
• Known Issues

VMware Products that can upgrade to VMware Identity Manager 3.3.2

• VMware vRealize Products such as vRealize Automation, vRealize Suite Lifecycle Manager (vRSLCM), vRealize Operations, vRealize Business, vRealize Log insight, and vRealize Network Insight for Authentication and SSO

  • vRealize products that are deployed and managed through vRealize Suite Lifecycle Manager only can consume VMware Identity Manager 3.3.1 or 3.3.2..

  • vRealize Suite Lifecycle Manager can now handle a brand-new installation of VMware Identity Manager 3.3.1 or 3.3.2, or an upgrade to 3.3.2 from VMware Identity Manager 3.3.1.

• VMware NSX-T Data Center for Authentication and SSO
  • NSX-T can be deployed with VMware Identity Manager 3.3.1 or 3.3.2 or upgraded to 3.3.2 from an earlier version.

What's New for VMware Identity Manager 3.3.2

Multi-tenancy support

Ability to create root tenant and subtenants in VMware Identity Manager through vRealize Lifecycle Manager

Tenant in host name

Root and subtenant names will be a part of the host name and not in the path.

Support LDAP signing and LDAP channel binding

See the VMware KB article 77158 Support LDAP Signing and LDAP Channel Binding with VMware Workspace ONE Access, Identity Manager.

Note: You do not need to apply the hot fix mentioned in the KB article. The VMware Identity Manager 3.3.2 release includes the hot-fix mentioned in the KB article.

After installing VMware Identity Manager 3.3.2, the functionality of Active Directory over IWA will become incompatible with the StartTLS option. Follow these high-level steps.

1. Disable StartTLS option in the Active Directory over IWA configuration before upgrading to the VMware Identity Manager 3.3.2.
2. DO NOT enable StartTLS option in Active Directory over IWA configuration after installing or upgrading to VMware Identity Manager 3.3.2.

Internationalization

VMware Identity Manager 3.3 is available in the following languages.

• English
• French
• German
• Spanish
• Japanese
•  Simplified Chinese
• Korean
• Taiwan
• Russian
• Italian
• Portuguese (Brazil)
• Dutch

Compatibility, Installation, and Upgrade

VMware vCenter™ and VMware ESXi™ Compatibility

VMware Identity Manager appliance supports the following versions of vSphere and ESXi.

• 6.5 U3, 6.7 U2, 6.7 U3, 7

Component Compatibility

Windows Server Supported

• Windows Server 2008 R2
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016

Web Browser Supported

• Mozilla Firefox, latest version
• Google Chrome 42.0 or later
• Internet Explorer 11
• Safari 6.2.8 or later
• Microsoft Edge, latest version

Database Supported

• Postgres 9.6.16
• MS SQL 2012, 2014, and 2016

Directory Server Supported

• Active Directory on Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, and 2019 with a Domain functional level and Forest functional level of Windows 2003 and later.
• OpenLDAP - 2.4.42
• Oracle LDAP - Directory Server Enterprise Edition 11g, Release 1 (11.1.1.7.0)
• IBM Tivoli LDAP - IBM Security Directory Server 6.3.1

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components,

For other system requirements, see the VMware Identity Manager Installation guides for 3.3 on the VMware Workspace ONE Access Documentation center.

Upgrading to VMware Identity Manager 3.3.2 (Linux)

To upgrade to VMware Identity Manager for Linux 3.3.2, see Upgrading VMware Identity Manager 3.3.2 (Linux) on the VMware Workspace ONE Access Documentation center. During the upgrade, all services are stopped, so if only one connector is configured plan the upgrade with the expected downtime in mind.

You must upgrade to VMware Identity Manager version 3.3.1 and then upgrade to VMware Identity Manager 3.3.2.

Note: When you upgrade to VMware Identity Manager 3.3.2 for Linux, if you see the following error message and the upgrade is aborted, follow these steps to update the certificate. After the certificate is updated, restart the upgrade.

"Certificate auth configuration update required for tenant <tenantName> prior to upgrade. Pre-update check failed, aborting upgrade."

1. Log in to the VMware Identity Manager console.
2. Navigate to Identity & Access Management > Setup.
3. In the Connectors page, click the link in the Worker column
4. Click the Auth Adapters tab, then click CertificateAuthAdapter.
5. In the Uploaded CA Certificates section, click the red X next to the certificate to remove it.
6. In the Root and intermediate CA Certificates section, click Select File to re-add the certificate.
7. Click Save.

VMware Identity Manager Connector 3.3.2 (Windows)

If you installed the VMware Identity Manager Connector for Windows 3.3.1 with vRealize Suite Lifecycle Manager, you cannot upgrade to 3.3.1.  You must install the new 3.3.2 version of the connector.

If you installed the VMware Identity Manager Connector for Windows 3.3.1 using the .exe installler, you can upgrade your connector to 3.3.2.

Documentation

The VMware Identity Manager 3.3 documentation is in the VMware Workspace ONE Access Documentation center. The 3.3.2 upgrade guide can be found under VMware Identity Manager 3.3 in the Installation & Architecture section.

Known Issues

• The Test Connection button  to verify the  directory connection for a child tenant does not work

  When trying to create a directory on the child tenant using the external connector activated against the master tenant, clicking the Test Connection button shows in process and does not complete the test.

  Click the Save & Next button to save the directory configuration.

• An elasticsearch error displays when installing VMware Identity Manager 3.3.2

  When installing VMware Identity Manager 3.3.2, an elasticsearch error display a message that says there was an error deploying elasticsearch.

  You can ignore this error. When you finish the installation, the issue is resolved.