VMware Identity Manager 2.4 Release Notes

VMware Identity Manager 2.4 | 08 SEPT 2015 | Build 3035173

VMware Identity Manager Connector 2.4 | 08 SEPT 2015 | Build 3035174

VMware Identity Manager Desktop 2.4 | 08 SEPT 2015 | Build 3032643

VMware Identity Manager Integration Broker 2.4 | 08 SEPT 2015 | Build 3003880

Release date: September 8, 2015

Updated September 21, 2015

What's in the Release Notes

The release notes cover the following topics:

What's New

Workspace Portal is being renamed to VMware Identity Manager.

This release of VMware Identity Manager 2.4 delivers the following new features.

  • HTML Access support for Horizon View applications
  • New integrated authentication methods
    • RSA Adaptive Authentication
    • Certificate/Smart Card Authentication
    • RADIUS Authentication
  • Microsoft SQL Server 2014 as an external database
  • Simplified Admin UI for setting up directories, identity providers, and policies
  • External access to XenApp with NetScaler

Navigating the Identity & Access Management Tab

The administration console now includes an Identity & Access Management tab were you setup and manage connectors, identity providers, directories, and policies. Most of the settings that were in the connector web interface are accessed from this tab.

In the Setup pages you can

  • Add connectors and setup auth adapters for the connector
  • Use custom branding to customize the sign in page and add a logo
  • Set up network ranges
  • Select user attributes that sync to the directory

In the Manage pages you can

  • Add directories
  • Manage directory settings, including sync frequency, domains, and users and groups to sync
  • Add identity providers
  • Manage the default access policy and add access policies for Web applications
  • Configure Password Recovery Assistant for the Forgot Password link on the sign in page


VMware Identity Manager 2.4 is available in the following languages:

  • English
  • French
  • German
  • Japanese
  • Simplified Chinese

Compatibility, Installation, and Upgrade

VMware vCenter™ and VMware ESXi™ Compatibility

VMware Identity Manager supports the following versions of vSphere and ESXi.

  • 5.0 U2+, 5.1+, 5.5, 6.0+

Browser Compatibility for the VMware Identity Manager administration console

The following Web browsers can be used to view the administration console:

  • Mozilla Firefox 40 or later for Windows and Mac systems (latest)
  • Google Chrome 42.0 or later for Windows and Mac systems
  • Internet Explorer 10 and 11 for Windows systems
  • Safari 6.2.8 or later for Mac systems

These browsers can also be used to access the Connector Services and Appliance Configurator pages.

For other system requirements, see Installing and Configuring VMware Identity Manager on the doc landing page.

Component Compatibility

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and View.

Upgrading to VMware Identity Manager from VMware Workspace Portal 2.1 and 2.1.1

You can upgrade from Workspace 2.1 and 2.1.1 to VMware Identity Manager 2.4. You must migrate from Horizon Workspace 1.8.1, 1.8.2 and from Workspace 2.0 to Workspace 2.1.


To access the VMware Identity Manager 2.4 documentation, go to the VMware Identity Manager doc landing page.

Product Support Notice

  • The Perform Directory Sync feature to import newly added resource entitlements from View to Workspace, configured in the Workspace View Pool page, is not available in this release of VMware Identity Manager. To add newly added resource entitlements from Horizon View to VMware Identity Manager, you must manually start a directory sync from the Identity & Access Management > Directories page.

Known Issues

  • The time format does not fallback correctly when browser's locale is da_DK
    For local da_DK (Denmark) the time in hours, minutes, seconds that appears in the Last Sync column in the Identity & Access Management > Directories page displays with dots instead of a colon. Example, 11.15.12 instead of 11:15:12.

    Workaround: There is no workaround.

  • Unable to add second directory to sync while another directory is syncing
    An additional directory cannot be added while another directory is syncing.

    Workaround: Wait until the first directory is added.

  • Deleting a large number of users at one time causes the administration console progress bar to time out
    When deleting directories that have a large number of users, the Identity & Access Management > Directories page might become unresponsive.

    Workaround: Wait for a while before you attempt other directory related actions because the delete process is still working in the background.

  • XenApp sync does not work if the distinguishedName attribute is not a required attribute
    XenApp sync show the number of apps and entitlements being synched, but the sync does not succeed and no XenApp appear in the Catalog page.

    Workaround: Mark the distinguishedName attribute in the Identity & Access Management > Setup > User Attributes page as required before you create the directory if you plan to sync XenApp to VMware Identity Manager. If a directory is already created, you must delete the directory before making distinguishedName a required attribute. If upgrading to 2.4, make sure that the distinguishedName attribute is a required attribute before the upgrade.

  • Installing a new Integration Broker does not remove the existing one

    Workaround: Uninstall the existing Integration Broker before installing a new one.

  • XenApp cannot be launched with Chrome 42 and above
    XenApp cannot be launched from the Google Chrome 42 and later browsers because Chrome no longer supports NPAPI plugins.

    Workaround: For Chrome 42, 43, and 44, you can enable NPAPI. Beginning with Chrome 45, NPAPI is no longer available.

    To enable the plugin, type "chrome://flags/#enable-npapi" into your Chrome browser bar and click Enable under the section EnableNPAPI. Restart Chrome.

  • When two or more applications are launched using HTML Browser, the browser tab that shows the applications is not in focus
    When users launch a Horizon app from their apps portal, their browser focus is directed to the tab where the app is open. When a second Horizon app is launched from the apps portal, the users' focus remain on their apps portal page.

    Workaround: Users can navigate to the tab where the Horizon apps are running to access them.

  • Users cannot see all running Horizon desktops in the sidebar when they launch multiple Horizon desktops using HTML Access
    In Horizon View 6.1.x, when users launch a Horizon desktop using HTML Access the HTML access tray does not show all previously launched desktops that are in running status.

    Workaround: In the View admin console, set up the desktop pools option "Automatically logoff after disconnect" to be after 1 or 2 minutes.

  • Users cannot see all running Horizon desktops and apps from different brokers in the sidebar when they launch multiple Horizon desktops and apps using HTML Access or Horizon Client

    In Horizon View 6.1 and 6.2 when users launch a Horizon desktop or app from different brokers using either HTML Access or Horizon Client, the HTML access tray does not show all previously launched desktops and apps that are running.

    Workaround: There is no workaround. Only desktops and apps from the current broker are shown in the access tray.

  • After upgrading from Workspace Portal 2.1.1 to VMware Identity Manager 2.4, ThinApp packages cannot be launched using Horizon Workspace Desktop from the user's apps portal
    When VMware Identity Manager is upgraded from 2.1.x to 2.4, users might not be able to launch their ThinApp packages from Workspace Desktop for Windows.

    Workaround: Upgrade the desktop to VMware Identity Manager Desktop 2.4, or if you plan to upgrade later, unlink the client from the server and relink.

  • Kerberos cannot be enabled if the joined domain is different from the domain of the default worker

    Workaround: If you have multiple directories configured on a connector, the connector must be joined to the domain of the first directory to enable Kerberos auth adapter.

  • Connector communication failed with response: command.signature.invalid
    Deleting a connector from the service and adding it back to the service will cause an error.

    Workaround: When a connector is deleted from the Identity & Access Management > Connectors page, power off and power on the connector appliance before adding the same connector back to the service.

  • User might be prompted for the admin password when enabling auth adapters
    When VMware Identity Manager is set up in HA mode, the admin might be prompted for the Identity Manager admin password when enabling auth adapters.

    Workaround: Enter the VMware Identity Manager admin password. Note: This is not the Active Directory admin password.

  • In a clustered environment, when a cloned Identity Manager appliance is down, the User Engagement Dashboard might not show all details and some reports might not be available
    In a cluster when one of the appliances becomes unavailable, the Reports feature might not work.

    Workaround: Start the appliance that is down to correct the problem.

  • When upgrading, unable to join domain with the cloned appliance
    When upgrading to 2.4, the appliance is unable to join the domain.

    Workaround: If you are upgrading from version 2.1.0 and you plan to join the appliance to a domain, leave the domain before upgrading the appliance. After you upgrade the appliance to 2.4, set up the cluster for high availability before re-joining the domain.

  • Identity provider hostname in IdP page changed to recently added connector hostname from load balancer hostname
    When you change the connector of an identity provider, the IdP Hostname might be reset.

    Workaround: If this happens, edit the Identity Provider page and change the IdP Hostname value.