If you are upgrading to Workspace ONE® Access™ (formerly known as VMware Identity Manager™) 20.01, to use the new Workspace ONE Access 20.01 connectors you need to install one or more 20.01 connectors and migrate your existing directories to the new connectors. You cannot upgrade older connector versions to 20.01.

The new Workspace ONE Access 20.01 connector is a collection of enterprise services that can be installed individually or together on Windows servers. It includes the following services:

  • Directory Sync service: Syncs users from Active Directory or LDAP directories to the Workspace ONE Access service
  • User Auth service: Password (cloud deployment), RSA SecurID (cloud deployment), and RADIUS (cloud deployment)
  • Kerberos Auth service: Kerberos authentication for internal users

To migrate to the new 20.01 connectors from legacy connectors, you migrate your directories. When you migrate the directories, all data, including authentication methods and identity providers, is migrated.

Requirements for Migration

  • The Workspace ONE Access 20.01 connector does not support Virtual Apps (Citrix, Horizon, Horizon Cloud, and ThinApps integrations). If your environment includes Virtual Apps or you plan to use Virtual Apps in the future, do not migrate to Workspace ONE Access 20.01 connectors.

    To integrate Horizon, Horizon Cloud, or Citrix applications and desktops, use VMware Identity Manager connector (Windows) version 19.03. To integrate ThinApp packaged applications, use VMware Identity Manager connector (Linux) version 2018.8.1.0.

  • You need one or more Windows servers to install 20.01 connectors. The enterprise services can be installed together on one server or separately on different servers. See Installing Workspace ONE Access Connector for requirements.

    The Windows servers for the 20.01 connectors must be separate from your legacy connector servers. During the migration process, you will switch between using the old connectors and the new connectors to test the migration. The 19.03 legacy connector servers must be running during the migration process. Do not uninstall the 19.03 connectors until the migration is complete.

    Note: The 20.01.01 Patch Release lets you use a Windows server that has a 19.03 connector installed. See Migrating to Latest Connector on a Windows Server Running Workspace ONE Access 19.03.
  • All existing connectors in your tenant must be version 19.03. If you have any older connectors, upgrade them to 19.03 first.
  • If you have an on-premises instance of the Workspace ONE Access service, upgrade the service to 20.01 before migrating to 20.01 connectors.
  • During migration, you must migrate all the directories in your tenant to the 20.01 connector. You cannot choose to migrate only some of the directories.
  • After migration, you can use only the new 20.01 connectors. You cannot have a mix of older connector versions and 20.01 connectors in your environment.
  • If you have 19.03.0.1 connectors installed and you are planning to migrate them, consider migrating to connector version 20.10 instead of 20.01.x. There is a known issue with migration from connector version 19.03.0.1 to version 20.01.x if your Workspace ONE Access directory of type Active Directory over LDAP or IWA has the External ID option set to any attribute other than the default value of objectGUID. When you migrate the directory as part of connector migration, all users will be deleted and added back. As a result, all users will be logged out and will have to log in again. You will also have to reconfigure user entitlements.
    Note: If you are using the on-premises Workspace ONE Access service, keep in mind that the connector version must be equal to or lower than the service version.