VMware Identity Manager 2.4 Release Notes
VMware Identity Manager 2.4 | 08 SEPT 2015 | Build 3035173
VMware Identity Manager Connector 2.4 | 08 SEPT 2015 | Build 3035174
VMware Identity Manager Desktop 2.4 | 08 SEPT 2015 | Build 3032643
VMware Identity Manager Integration Broker 2.4 | 08 SEPT 2015 | Build 3003880
Release date: September 8, 2015
Updated September 21, 2015
What's in the Release Notes
The release notes cover the following topics:
Workspace Portal is being renamed to VMware Identity Manager.
This release of VMware Identity Manager 2.4 delivers the following new features.
- HTML Access support for Horizon View applications
- New integrated authentication methods
- RSA Adaptive Authentication
- Certificate/Smart Card Authentication
- RADIUS Authentication
- Microsoft SQL Server 2014 as an external database
- Simplified Admin UI for setting up directories, identity providers, and policies
- External access to XenApp with NetScaler
Navigating the Identity & Access Management Tab
The administration console now includes an Identity & Access Management tab were you setup and manage connectors, identity providers, directories, and policies. Most of the settings that were in the connector web interface are accessed from this tab.
In the Setup pages you can
- Add connectors and setup auth adapters for the connector
- Use custom branding to customize the sign in page and add a logo
- Set up network ranges
- Select user attributes that sync to the directory
In the Manage pages you can
- Add directories
- Manage directory settings, including sync frequency, domains, and users and groups to sync
- Add identity providers
- Manage the default access policy and add access policies for Web applications
- Configure Password Recovery Assistant for the Forgot Password link on the sign in page
VMware Identity Manager 2.4 is available in the following languages:
- Simplified Chinese
Compatibility, Installation, and Upgrade
VMware vCenter™ and VMware ESXi™ Compatibility
VMware Identity Manager supports the following versions of vSphere and ESXi.
Browser Compatibility for the VMware Identity Manager administration console
The following Web browsers can be used to view the administration console:
- Mozilla Firefox 40 or later for Windows and Mac systems (latest)
- Google Chrome 42.0 or later for Windows and Mac systems
- Internet Explorer 10 and 11 for Windows systems
- Safari 6.2.8 or later for Mac systems
These browsers can also be used to access the Connector Services and Appliance Configurator pages.
For other system requirements, see Installing and Configuring VMware Identity Manager on the doc landing page.
VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and View.
Upgrading to VMware Identity Manager from VMware Workspace Portal 2.1 and 2.1.1
You can upgrade from Workspace 2.1 and 2.1.1 to VMware Identity Manager 2.4. You must migrate from Horizon Workspace 1.8.1, 1.8.2 and from Workspace 2.0 to Workspace 2.1.
To access the VMware Identity Manager 2.4 documentation, go to
the VMware Identity Manager doc landing page.
Product Support Notice
- The Perform Directory Sync feature to import newly added resource entitlements from View to Workspace, configured in the Workspace View Pool page, is not available in this release of VMware Identity Manager. To add newly added resource entitlements from Horizon View to VMware Identity Manager, you must manually start a directory sync from the Identity & Access Management > Directories page.
The time format does not fallback correctly when browser's locale is da_DK
For local da_DK (Denmark) the time in hours, minutes, seconds that appears in the Last Sync column in the Identity & Access Management > Directories page displays with dots instead of a colon. Example, 11.15.12 instead of 11:15:12.
Workaround: There is no workaround.
Unable to add second directory to sync while another directory is syncing
An additional directory cannot be added while another directory is syncing.
Workaround: Wait until the first directory is added.
Deleting a large number of users at one time causes the administration console progress bar to time out
When deleting directories that have a large number of users, the Identity & Access Management > Directories page might become unresponsive.
Workaround: Wait for a while before you attempt other directory related actions because the delete process is still working in the background.
XenApp sync does not work if the distinguishedName attribute is not a required attribute
XenApp sync show the number of apps and entitlements being synched, but the sync does not succeed and no XenApp appear in the Catalog page.
Workaround: Mark the distinguishedName attribute in the Identity & Access Management > Setup > User Attributes page as required before you create the directory if you plan to sync XenApp to VMware Identity Manager. If a directory is already created, you must delete the directory before making distinguishedName a required attribute. If upgrading to 2.4, make sure that the distinguishedName attribute is a required attribute before the upgrade.
Installing a new Integration Broker does not remove the existing one
Workaround: Uninstall the existing Integration Broker before installing a new one.
XenApp cannot be launched with Chrome 42 and above
XenApp cannot be launched from the Google Chrome 42 and later browsers because Chrome no longer supports NPAPI plugins.
Workaround: For Chrome 42, 43, and 44, you can enable NPAPI. Beginning with Chrome 45, NPAPI is no longer available.
To enable the plugin, type "chrome://flags/#enable-npapi" into your Chrome browser bar and click Enable under the section EnableNPAPI. Restart Chrome.
When two or more applications are launched using HTML Browser, the browser tab that shows the applications is not in focus
When users launch a Horizon app from their apps portal, their browser focus is directed to the tab where the app is open. When a second Horizon app is launched from the apps portal, the users' focus remain on their apps portal page.
Workaround: Users can navigate to the tab where the Horizon apps are running to access them.
Users cannot see all running Horizon desktops in the sidebar when they launch multiple Horizon desktops using HTML Access
In Horizon View 6.1.x, when users launch a Horizon desktop using HTML Access the HTML access tray does not show all previously launched desktops that are in running status.
Workaround: In the View admin console, set up the desktop pools option "Automatically logoff after disconnect" to be after 1 or 2 minutes.
- Users cannot see all running Horizon desktops and apps from different brokers in the sidebar when they launch multiple Horizon desktops and apps using HTML Access or Horizon Client
In Horizon View 6.1 and 6.2 when users launch a Horizon desktop or app from different brokers using either HTML Access or Horizon Client, the HTML access tray does not show all previously launched desktops and apps that are running.
Workaround: There is no workaround. Only desktops and apps from the current broker are shown in the access tray.
After upgrading from Workspace Portal 2.1.1 to VMware Identity Manager 2.4, ThinApp packages cannot be launched using Horizon Workspace Desktop from the user's apps portal
When VMware Identity Manager is upgraded from 2.1.x to 2.4, users might not be able to launch their ThinApp packages from Workspace Desktop for Windows.
Workaround: Upgrade the desktop to VMware Identity Manager Desktop 2.4, or if you plan to upgrade later, unlink the client from the server and relink.
Kerberos cannot be enabled if the joined domain is different from the domain of the default worker
Workaround: If you have multiple directories configured on a connector, the connector must be joined to the domain of the first directory to enable Kerberos auth adapter.
Connector communication failed with response: command.signature.invalid
Deleting a connector from the service and adding it back to the service will cause an error.
Workaround: When a connector is deleted from the Identity & Access Management > Connectors page, power off and power on the connector appliance before adding the same connector back to the service.
User might be prompted for the admin password when enabling auth adapters
When VMware Identity Manager is set up in HA mode, the admin might be prompted for the Identity Manager admin password when enabling auth adapters.
Workaround: Enter the VMware Identity Manager admin password. Note: This is not the Active Directory admin password.
In a clustered environment, when a cloned Identity Manager appliance is down, the User Engagement Dashboard might not show all details and some reports might not be available
In a cluster when one of the appliances becomes unavailable, the Reports feature might not work.
Workaround: Start the appliance that is down to correct the problem.
When upgrading, unable to join domain with the cloned appliance
When upgrading to 2.4, the appliance is unable to join the domain.
Workaround: If you are upgrading from version 2.1.0 and you plan to join the appliance to a domain, leave the domain before upgrading the appliance. After you upgrade the appliance to 2.4, set up the cluster for high availability before re-joining the domain.
Identity provider hostname in IdP page changed to recently added connector hostname from load balancer hostname
When you change the connector of an identity provider, the IdP Hostname might be reset.
Workaround: If this happens, edit the Identity Provider page and change the IdP Hostname value.