VMware Identity Manager 2.7.1 Release Notes
VMware Identity Manager 2.7.1 | 15 SEPTEMBER 2016 | Build 4366188
VMware Identity Manager Connector 2016.6.1 | 29 JUNE 2016 | Build 4063462
VMware Identity Manager Desktop 2.7.1 | 15 SEPTEMBER 2016 | Build 4274012
VMware Identity Manager Integration Broker 2.7.1 | 15 SEPTEMBER 2016 | Build 4171102
Release date: September 15, 2016
What's in the Release Notes
The release notes cover the following topics:
Fixes for 2.7.1
The release of VMware Identity Manager 2.7.1 fixed the following issues.
Workspace ONE Experience
- Applications can be added to the portal Launcher page or to devices directly from the application details page in Catalog
Previously, an application could be added to the Launcher or a device could be added only from the Catalog page. Now an app can be added from the application's details page as well.
- Fixed Horizon View launch by browser in Windows 10
Launches using Firefox and Chrome for HTML Access were not working on Windows 10 devices. This has been resolved.
- Fixed Horizon View launch with custom network ranges
Application and desktop resources were not always launching with single-sign-on when custom network range policies were created in VMware Identity Manager.
- Fixed Horizon Air launch
Application and desktop resources synced from Horizon Air tenants were not launching correct in VMware Identity Manager 2.7. They now work as expected in the launcher.
- Support for Workspace ONE on Windows 10 phones
Workspace ONE for Windows 10 has been extended from desktop and tablet support to also include support for smaller form factors (phones).
Authentication and Access
- Citrix XenApp 7.8 and 7.9 Certification
Citrix XenApp and XenDesktop 7.8 and 7.9 integration with VMware Identity Manager are now available.
- Portal renders correctly when Global Catalog is unreachable
Fixed the VMware Identity Manager 2.7 on-premises deployment issue about when the Global Catalog was unreachable, apps were not appearing in the portal.
- Improved multi-cluster RabbitMQ reliability
For VMware Identity Manager clusters with more than two nodes, RabbitMQ could get into a bad state and restart every minute. This issue has now been resolved.
What's New for 2.7
This version of VMware Identity Manager includes support for the following new features.
Workspace ONE Application
- Workspace ONE app providing standalone Mobile Application Management features
You can use the Workspace ONE app to distribute public mobile applications to unmanaged devices through the Workspace ONE app catalog. Users can single sign-on between the Workspace ONE app and productivity apps from VMware - AirWatch Browser and Secure Content Locker, and any custom app built using the AirWatch SDK. And, when the device goes out-of-compliance (such as jail broken), the Workspace ONE app, productivity apps, and any custom app built using AirWatch SDK self-destruct.
- Workspace ONE app providing Adaptive Management
Users can start using the Workspace ONE app in standalone Mobile Application Management (MAM) mode and progress to OS MAM when an application with a lock icon in the catalog is selected for installation. Once, the user enrolls the device into OS MAM, the lock icon goes away. The user can now install all the apps from the catalog. Users no longer have to install AirWatch agent to get their devices enrolled into OS MAM. Available now for iOS and Windows devices with support for Android devices coming soon.
Authentication and Access
- OneTouch SSO and device compliance check for Android, Window 10, and Mac OS devices
The convenient OneTouch SSO available for iOS is now available for the rest of the platforms, including Android, Windows 10 and Mac OS. In addition, administrators can configure conditional access policies that check for the device posture. When these devices go out of compliance, the sign in access is blocked to the applications.
- LDAP Directory support
Connect any LDAP directory (such as OpenLDAP) and not just Active Directory to authenticate users.
- Simplified deployment of Integration Broker for Citrix Integration
Making the Integration Broker accessible from the Internet is no longer a requirement. All communication between the service and the Integration Broker is now through the VMware Identity Manager Connector. You must install or upgrade to the new connector version released June 2016.
- Changes required for VMware Identity Manager Cluster
For high-availability, if you deployed two VMware Identity Manager appliances in a cluster, beginning with 2.7, you must have a minimum of three appliances in the cluster to ensure consistent search results for users and groups data.
VMware Identity Manager 2.7 is available in the following languages:
- Simplified Chinese
Compatibility, Installation, and Upgrade
VMware vCenter™ and VMware ESXi™ Compatibility
VMware Identity Manager supports the following versions of vSphere and ESXi.
Browser Compatibility for the VMware Identity Manager administration console
The following Web browsers can be used to view the administration console:
- Mozilla Firefox 40 or later for Windows and Mac systems
- Google Chrome 42.0 or later for Windows and Mac systems
- Internet Explorer 11 for Windows systems
- Safari 6.2.8 or later for Mac systems
For other system requirements, see Installing and Configuring VMware Identity Manager guide.
VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and View.
Upgrading VMware Identity Manager 2.7
To upgrade to 2.7.1, see Upgrading to VMware Identity Manager 2.7. During the upgrade, all services are stopped, so plan the upgrade with the expected downtime in mind.
Transport Layer Security (TLS) 1.0 is disabled by default in VMware Identity Manager 2.6 and later
During the upgrade of VMware Identity Manager to 2.7, TLS 1.0 is disabled. We recommend that you update products configurations to use TLS 1.1 or 1.2.
External product issue are known to occur when TLS 1.0 is disabled. If your implementation of Horizon, Horizon Air, Citrix, or the load balancer in VMware Identity Manager have a dependence on TLS 1.0 follow the instruction in KB 2144805 to enable TLS 1.0.
To access the VMware Identity Manager 2.7 documentation, go to
the VMware Identity Manager Documentation Center.
KDC Certificate to use in MDM profile cannot be downloaded
Sometimes when you click Download Certificate in the Built-in identity provider, the KDC certificate does not download.
Workaround: Manually download the KDC root certificate. Sign in to VMware Identity Manager admin console and in the browser address bar enter as
Save the KDC-root-cert.cer file to a location that can be accessed from the AirWatch console.
Issues with Access Point integration with VMware Identity Manager
- Admin users logging in from external networks will not be able to access the admin console from their portal page when the Access Point appliance is deployed as a reverse proxy for VMware Identity Manager.
Workaround: Admins should VPN into the internal network to access the admin console from an external network.
- Certificate based authentication does not work when the Access Point appliance is deployed as a reverse proxy for VMware Identity Manager.
Workaround: No workaround available. Certificate based authentication cannot be set for external users that are proxied by Access Point.
- ThinApp packages cannot be downloaded when the Access Point appliance is deployed as a reverse proxy for VMware Identity Manager.
Workaround: Set the ThinApp package installation mode to COPY_TO_LOCAL (default) or RUN_FROM_SHARE.
XenApp cannot be launched with Chrome 42 and above
XenApp cannot be launched from the Google Chrome 42 and later browsers because Chrome no longer supports NPAPI plugins.
Workaround: For Chrome 42, 43, and 44, you can enable NPAPI. Beginning with Chrome 45, NPAPI is no longer available.
To enable the plugin, type "chrome://flags/#enable-npapi" into your Chrome browser bar and click Enable under the section EnableNPAPI. Restart Chrome.
These known issues were resolved in this release.