VMware Workspace ONE Access Connector (Windows) 20.10 | October 2020 | Build Workspace ONE Access Connector 20.10.0 Installer.exe

VMware Identity Manager Connector (Windows) | October 2020 | Build VMware Identity Manager Connector Installer.exe

VMware Identity Manager Integration Broker | October 2020 | Build 16975699

Latest Release - February 2021

What's in the Release Notes

Release notes cover the following topics

What's New in the February 2021 Release

Improved User and Group Provisioning into Workspace ONE UEM

The new Enable Certificate Auth option in the AirWatch Provisioning app simplifies the process and requirements for provisioning users and groups into Workspace ONE UEM from Workspace ONE Access. When this option is enabled, the AirWatch Provisioning app will mimic the settings that have been configured in the Workspace ONE Access console Identity & Access Management > Setup > VMware Workspace ONE UEM page. There are three main benefits to this update.

  • When using certificate-based authentication, administrators no longer need to update the password of the account used for user and group provisioning every 30 days.
  • If the integration between Workspace ONE Access and Workspace ONE UEM was configured using Workspace ONE UEM’s wizard (found in Workspace ONE UEM console System > Enterprise Integration > Workspace ONE Access > Configuration page), user and group provisioning events will no longer count against Workspace ONE UEM’s REST API request limits.
  • The initial setup of the AirWatch Provisioning app is simplified as most of the required values are automatically populated.

Improved iPad Device Identification for Conditional Access Policies

With this release of Workspace ONE Access, iPads are no longer incorrectly identified as macOS devices based on their User-Agent string. This allows the iOS and iPad device types to be used to apply Conditional Access to iPads. The iOS device type can be used to uniformly apply Conditional Access to both iOS and iPadOS devices whereas the iPad device type can be used in environments where a different authentication experience between iOS and iPadOS devices is desired. Note that the iPad device type must be placed at a higher priority than the iOS device type if both options are being used in a single policy.

This change is required because in iPadOS 13 Apple changed the default behavior of the Safari browser so that it requests the Desktop version of web pages on an iPad rather than the Mobile version. The default behavior ultimately means that iPads running iPadOS 13 or newer present themselves to Workspace ONE Access as a macOS device rather than an iPad. With the January release, the workaround described in this KB article is no longer required.

Workspace ONE Access now Supports FIDO2 as an Authentication Method

Workspace ONE Access now allows FIDO2 authenticators to be registered and used for authentication. With this release, end users can now authenticate into Workspace ONE Intelligent Hub and Workspace ONE Access federated apps using a FIDO2 authenticator (i.e., YubiKey, Touch ID, Windows Hello). End users can also self-register a FIDO2 authenticator to be used as their primary or secondary method of authentication. Administrators also can add, remove, block, or unblock authenticators on behalf of end users.  Note: FIDO2 authentication currently only supports authentication in desktop browsers.

FIDO2 authentication is only available for Workspace ONE SaaS customers.

Introducing Login Risk Based Conditional Access

With the new Login Risk Score Authentication Method, you can now factor in a user's login risk score to authentication decisions. This means you can define policies using the login risk score to apply the right access controls when a user tries to access the network. For example, if the login risk score is low – allow access, medium – ask for MFA (Multi Factor Authentication) (multi-factor authentication, for example with RSA SecurID or VMware Verify), and high – deny access.  

The login risk score is assigned by Workspace ONE Intelligence using its proprietary risk scoring engine. See  Risk Scores - What are Login Risk Scores in the Workspace ONE Intelligence documentation.

Limit Monitoring Dashboard  

To ensure service availability, the Workspace ONE Access SaaS service sets rate limits and concurrency limits on certain APIs. When these limits are exceeded, a 429 'Too many requests' error is returned, and your users might not be able to log in or launch applications temporarily. When this happens, users can wait a minute before trying again. The new Limit Monitoring dashboard allows you to view these limits and monitor your usage against them.


VMware Workspace ONE Access is available in the following languages.

  • English
  • French
  • German
  • Spanish
  • Japanese
  • Simplified Chinese
  • Korean
  • Traditional Chinese
  • Russian
  • Italian
  • Portuguese (Brazil)
  • Dutch

Compatibility, Installation, and Upgrade

Component Compatibility

Windows Server Supported

  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Web Browser Supported

  • Mozilla Firefox, latest version
  • Google Chrome 42.0 or later
  • Internet Explorer 11
  • Safari 6.2.8 or later
  • Microsoft Edge, latest version

Database Supported

  • MS SQL 2012, 2014, 2016, 2017

Directory Server Supported

  • Active Directory - Single AD domain, multiple domains in a single AD forest, or multiple domains across multiple AD forests.
  • OpenLDAP - 2.4.42
  • Oracle LDAP - Directory Server Enterprise Edition 11g, Release 1 (
  • IBM Tivoli Directory Server 6.3.1

 Component Versions No Longer Supported

  • Windows Server 2008R2
  • Windows Server 2012

This impacts Workspace ONE Access Connectors, Integration Broker, or database that might be installed on these versions of the Windows server.

This impacts Active Directory if it  running on these versions of a Windows server.

Compatibility Matrix

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and Horizon 7.

VMware Connector Compatibility

VMware Workspace ONE Access Connector (Windows)

The VMware Workspace ONE Access connector is an on-premises component of VMware Workspace ONE Access that integrates with your on-premises infrastructure. The connector is a collection of enterprise services that can be installed individually or together on Windows servers. The following service components can be installed.

  • Directory Sync service to sync users from your enterprise directories
  • User Auth service that includes Password (cloud), RSA SecurID (cloud), and RADIUS (cloud)
  • Kerberos Auth service for Kerberos authentication

Migrating to Workspace ONE Access 20.10 Connectors

If you are upgrading to Workspace ONE® Access™ 20.10 from a version prior to 19.03, to use the new Workspace ONE Access 20.10 connectors you must follow a migration process. The process includes installing new 20.10 connectors and migrating your existing directories to the new connectors.

You cannot upgrade legacy connector versions to 20.10. You migrate to the 20.10 connector from legacy connectors, you migrate your directories. When you migrate the directories, all data, including authentication methods and identity providers, is migrated.

See Migrating to VMware Workspace ONE Access 20.10 Connectors.

Upgrade to 20.10

To upgrade Workspace ONE Access connector 20.01 to 20.10, see Upgrading to VMware Workspace ONE Access Connector 20.10.

VMware Workspace ONE Access Connector

You can upgrade to the Windows-based VMware Identity Manager connector from version to get the latest security updates and resolved issues. The connector supports Virtual Apps, specifically Horizon, Horizon Cloud, and Citrix integrations with Workspace ONE Access. See Upgrading to VMware Identity Manager Connector (Windows)

Virtual Applications

The Workspace ONE Access 20.10 connector does not support Virtual Apps (Citrix, Horizon, Horizon Cloud, and ThinApp integrations). If your environment includes Virtual Apps or you plan to use Virtual Apps in the future, do not migrate to Workspace ONE Access 20.10 connectors.

To use virtual apps with Workspace ONE Access 20.10, you must use VMware Identity Manager connector version or

To use VMware ThinApp with Workspace ONE Access 20.01,  you must use VMware Identity Manager Linux-based connector appliance version 2018.8.1.  If you use ThinApp packages do not upgrade to the 19.03 or the 20.10 version of VMware Workspace ONE Access connector.

  • VMware Identity Manager Desktop 3.2 | March 2018 | Build 7952055 is used with ThinApp packages


The VMware Workspace ONE Access documentation is in the VMware Workspace ONE Access Documentation Center.

check-circle-line exclamation-circle-line close-line
Scroll to top icon