When you use the VMware Identity Manager connector 19.03 for Kerberos Authentication, you must join to the domain and enable Kerberos authentication on the connector.

Procedure

  1. In the admin console Identity & Access Management tab, select Setup.
  2. In the Worker column for the connector, click Auth Adapters.
  3. Click KerberosIdpAdapter
    You are redirected to the sign-in page.
  4. Click Edit in the KerberosldpAdapter row and configure the Kerberos authentication page.
    Option Description
    Name A name is required. The default name is KerberosIdpAdapter. You can change the name.
    Directory UID Attribute Enter the account attribute that contains the user name.
    Enable Windows Authentication Select Enable Windows Authentication to extend authentication interactions between users' browsers and Workspace ONE Access.
    Enable NTLM Select Enable NTLM for NT LAN Manager (NTLM) protocol-based authentication only if your Active Directory infrastructure relies on NTLM authentication.
    Enable Redirect If multiple connectors are configured in a cluster and Kerberos is set up for high availability behind a load balancer, select Enable Redirect and specify a value for Redirect Host Name.

    If only one connector is deployed, you do not need to use the Enable Redirect and Redirect Host Name options.

    Redirect Host Name A value is required if the Enable Redirect option is selected. Enter the connector's own hostname. For example, if the connector's host name is connector1.example.com, enter connector1.example.com in the text box.
  5. Click Save.

What to do next

Add the authentication method to the default access policy. Go to the Identity & Access Management > Manage > Policies page and edit the default policy rules to add the Kerberos authentication method to the rule in correct authentication order.