The multi-tenancy feature is not enabled by default. You can opt in to enable it.

Prerequisites

  • The VMware Identity Manager global environment version should be 3.3.2 or later.
  • Verify that the inventories are synchronized for all the environments in vRealize Suite Lifecycle Manager and that all environments and products are up to date. This is needed to discover all the VMware Identity Manager product integrations required for the VMware Identity Manager re-registration.
  • Verify that the VMware Identity Manager global environment certificate is managed through the vRealize Suite Lifecycle Manager Locker service.
  • Take a snapshot of VMware Identity Manager. This is recommended because enabling multi-tenancy changes VMware Identity Manager so that it is accessed through tenant FQDNs, and existing VMware Identity Manager URLs will no longer be accessible.
  • For a clustered VMware Identity Manager, verify that the VMware Identity Manager cluster health status is green by triggering cluster health. For more information, see Day 2 Operations with Other Products in vRealize Suite Lifecycle Manager.
  • Verify that the VMware Identity Manager certificate is updated with the primary tenant alias FQDN. Also ensure that an A-type DNS record is added that maps the primary tenant alias FQDN. For more information about Mandatory Certificate and DNS requirements, see Multi-Tenancy Model.
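
The last prerequisite can be checked before you click Enable Tenancy. The following pre-flight check is an added example, not part of the product or of the original documentation. The function names are hypothetical, and `expected_ips` is assumed to hold the addresses of the VMware Identity Manager node or its load balancer.

```python
# Added example: pre-flight check for the certificate and DNS prerequisite.
import socket
import ssl


def san_covers(fqdn, san_dns_names):
    """True if a SAN dNSName matches fqdn (exact, or wildcard in the left-most label only)."""
    host = fqdn.lower().rstrip(".")
    for name in san_dns_names:
        pattern = name.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*."):
            # "*.example.com" covers exactly one extra label: a.example.com, not a.b.example.com
            head, _, tail = host.partition(".")
            if head and tail == pattern[2:]:
                return True
    return False


def resolve_ipv4(fqdn):
    """IPv4 addresses the system resolver returns (may include hosts-file entries)."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def fetch_san_dns_names(host, port=443, timeout=5):
    """Read dNSName SAN entries from the certificate served at host:port (chain must validate)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def preflight(alias_fqdn, san_dns_names, expected_ips, resolver=resolve_ipv4):
    """Return a list of problems; an empty list means both prerequisites are met."""
    problems = []
    if not san_covers(alias_fqdn, san_dns_names):
        problems.append(f"certificate has no SAN entry covering {alias_fqdn}")
    resolved = resolver(alias_fqdn)
    if not resolved:
        problems.append(f"no A record found for {alias_fqdn}")
    elif not resolved & set(expected_ips):
        problems.append(f"{alias_fqdn} resolves to {sorted(resolved)}, expected one of {sorted(expected_ips)}")
    return problems
```

For a live check, pass the output of `fetch_san_dns_names` for the current VMware Identity Manager host name as `san_dns_names`, since the tenant alias FQDN itself is not yet served before multi-tenancy is enabled.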

Procedure

  1. Click Identity and Tenant Management and navigate to Tenant Management.
  2. Read the Opt-in message and click Enable Tenancy.
  3. Enter the primary tenant Alias name.
    Ensure that a hostname or FQDN with this name does not already exist. While enabling multi-tenancy, this FQDN is assigned to the primary tenant.
    Ensure that all products currently integrated with the global environment VMware Identity Manager are listed and selected for re-registration against the new primary tenant alias FQDN in the 'Product Re-registration' table. For more information on Product References, see Product References.
  4. After you validate the entries, click Submit.
    After you enable multi-tenancy on VMware Identity Manager, it can only be accessed through its tenant FQDNs. At this point the primary tenant is the only available tenant, so the primary tenant alias FQDN is the only endpoint through which VMware Identity Manager can be accessed. Once the vRealize Suite Lifecycle Manager enable multi-tenancy request is completed, create tenants from the Tenant Management tab.