VMware Identity Manager 2.7.1 Release Notes

VMware Identity Manager 2.7.1 | 15 SEPTEMBER 2016 | Build 4366188

VMware Identity Manager Connector 2016.6.1 | 29 JUNE 2016 | Build 4063462

VMware Identity Manager Desktop 2.7.1 | 15 SEPTEMBER 2016 | Build 4274012

VMware Identity Manager Integration Broker 2.7.1 | 15 SEPTEMBER 2016 | Build 4171102

Release date: September 15, 2016


Fixes for 2.7.1

The release of VMware Identity Manager 2.7.1 fixed the following issues.

Workspace ONE Experience

  • Applications can be added to the portal Launcher page or to devices directly from the application details page in Catalog

    Previously, an application could be added to the Launcher or to a device only from the Catalog page. Now an app can be added from the application's details page as well.

  • Fixed Horizon View launch by browser in Windows 10

    Launches using Firefox and Chrome for HTML Access were not working on Windows 10 devices. This has been resolved.

  • Fixed Horizon View launch with custom network ranges

    Application and desktop resources were not always launching with single-sign-on when custom network range policies were created in VMware Identity Manager.

  • Fixed Horizon Air launch

    Application and desktop resources synced from Horizon Air tenants were not launching correctly in VMware Identity Manager 2.7. They now work as expected in the launcher.

  • Support for Workspace ONE on Windows 10 phones

    Workspace ONE for Windows 10 has been extended from desktop and tablet support to also include support for smaller form factors (phones).

Authentication and Access

  • Fixed Kerberos authentication when UPN does not match Active Directory domain

    Seamless Windows authentication was not working for customers who have a UPN-based login that does not match the real Active Directory domain and might not match the user's sAMAccountName.


  • Citrix XenApp 7.8 and 7.9 Certification

    Citrix XenApp and XenDesktop 7.8 and 7.9 integration with VMware Identity Manager are now available.

  • Portal renders correctly when Global Catalog is unreachable

    Fixed an issue in VMware Identity Manager 2.7 on-premises deployments where apps did not appear in the portal when the Global Catalog was unreachable.

  • Improved multi-cluster RabbitMQ reliability

    For VMware Identity Manager clusters with more than two nodes, RabbitMQ could get into a bad state and restart every minute. This issue has now been resolved.

What's New for 2.7

This version of VMware Identity Manager includes support for the following new features.

Workspace ONE Application

  • Workspace ONE app providing standalone Mobile Application Management features

    You can use the Workspace ONE app to distribute public mobile applications to unmanaged devices through the Workspace ONE app catalog. Users can single sign on between the Workspace ONE app and productivity apps from VMware (AirWatch Browser and Secure Content Locker), and any custom app built using the AirWatch SDK. When the device goes out of compliance (for example, when it is jailbroken), the Workspace ONE app, productivity apps, and any custom app built using the AirWatch SDK self-destruct.

  • Workspace ONE app providing Adaptive Management

    Users can start using the Workspace ONE app in standalone Mobile Application Management (MAM) mode and progress to OS MAM when an application with a lock icon in the catalog is selected for installation. Once the user enrolls the device into OS MAM, the lock icon goes away, and the user can install all the apps from the catalog. Users no longer have to install the AirWatch agent to get their devices enrolled into OS MAM. Available now for iOS and Windows devices, with support for Android devices coming soon.

Authentication and Access

  • OneTouch SSO and device compliance check for Android, Windows 10, and Mac OS devices

    The convenient OneTouch SSO available for iOS is now available for the rest of the platforms, including Android, Windows 10, and Mac OS. In addition, administrators can configure conditional access policies that check the device posture. When these devices go out of compliance, sign-in access to the applications is blocked.

  • LDAP Directory support

    Connect any LDAP directory (such as OpenLDAP), not just Active Directory, to authenticate users.


  • Simplified deployment of Integration Broker for Citrix Integration

    Making the Integration Broker accessible from the Internet is no longer a requirement. All communication between the service and the Integration Broker is now through the VMware Identity Manager Connector. You must install or upgrade to the new connector version released June 2016.

  • Changes required for VMware Identity Manager Cluster

    For high availability, if you deployed two VMware Identity Manager appliances in a cluster, beginning with 2.7 you must have a minimum of three appliances in the cluster to ensure consistent search results for users and groups data.


VMware Identity Manager 2.7 is available in the following languages:

  • English
  • French
  • German
  • Spanish
  • Japanese
  • Simplified Chinese
  • Korean
  • Taiwan

Compatibility, Installation, and Upgrade

VMware vCenter™ and VMware ESXi™ Compatibility

VMware Identity Manager supports the following versions of vSphere and ESXi.

  • 5.0 U2+, 5.1+, 5.5, 6.0+

Browser Compatibility for the VMware Identity Manager administration console

The following Web browsers can be used to view the administration console:

  • Mozilla Firefox 40 or later for Windows and Mac systems
  • Google Chrome 42.0 or later for Windows and Mac systems
  • Internet Explorer 11 for Windows systems
  • Safari 6.2.8 or later for Mac systems

For other system requirements, see the Installing and Configuring VMware Identity Manager guide.

Component Compatibility

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and View.

Upgrading VMware Identity Manager 2.7

To upgrade to 2.7.1, see Upgrading to VMware Identity Manager 2.7. During the upgrade, all services are stopped, so plan the upgrade with the expected downtime in mind.

Transport Layer Security (TLS) 1.0 is disabled by default in VMware Identity Manager 2.6 and later

During the upgrade of VMware Identity Manager to 2.7, TLS 1.0 is disabled. We recommend that you update product configurations to use TLS 1.1 or 1.2.

External product issues are known to occur when TLS 1.0 is disabled. If your implementation of Horizon, Horizon Air, Citrix, or the load balancer in VMware Identity Manager has a dependency on TLS 1.0, follow the instructions in KB 2144805 to enable TLS 1.0.


To access the VMware Identity Manager 2.7 documentation, go to the VMware Identity Manager Documentation Center.

Known Issues

  • KDC Certificate to use in MDM profile cannot be downloaded

    Sometimes when you click Download Certificate in the Built-in identity provider, the KDC certificate does not download.

    Workaround: Manually download the KDC root certificate. Sign in to the VMware Identity Manager admin console and enter the following URL in the browser address bar:
    https://<myco.example.com>/SAAS/jersey/manager/api/kdcrootcertificate
    Save the KDC-root-cert.cer file to a location that can be accessed from the AirWatch console.

  • Issues with Access Point integration with VMware Identity Manager

    • Admin users logging in from external networks will not be able to access the admin console from their portal page when the Access Point appliance is deployed as a reverse proxy for VMware Identity Manager.

      Workaround: Admins should VPN into the internal network to access the admin console from an external network.

    • Certificate based authentication does not work when the Access Point appliance is deployed as a reverse proxy for VMware Identity Manager.

      Workaround: No workaround available. Certificate based authentication cannot be set for external users that are proxied by Access Point.

  • ThinApp packages cannot be downloaded when the Access Point appliance is deployed as a reverse proxy for VMware Identity Manager.

    Workaround: Set the ThinApp package installation mode to COPY_TO_LOCAL (default) or RUN_FROM_SHARE.

  • XenApp cannot be launched with Chrome 42 and above

    XenApp cannot be launched from the Google Chrome 42 and later browsers because Chrome no longer supports NPAPI plugins.

    Workaround: For Chrome 42, 43, and 44, you can enable NPAPI. Beginning with Chrome 45, NPAPI is no longer available.

    To enable the plugin, type "chrome://flags/#enable-npapi" into your Chrome browser bar and click Enable under the section EnableNPAPI. Restart Chrome.

Resolved Issues

These known issues were resolved in this release.

  • When connectors are set up in an HA environment and a connector is disabled, the sync can take some time when a second connector is associated with the directory. The server does not give any notification that it is syncing.

  • Users unable to log in with RSA SecurID token in a load-balanced environment

  • Reset View desktop option does not work from the Workspace ONE launcher page