You manage users and groups from the administration console. You can entitle users and groups to resources and add users to groups that you create.

The users in the directory are users imported from Active Directory. The user base is updated according to your directory server synchronization schedule.

Groups can be groups imported from Active Directory and groups that you create in the VMware Identity Manager service.

Group Type

Description

Active Directory Server Groups

In the administration console, a lock icon next to a group name indicates that the group is an Active Directory server group. You cannot edit or delete these groups. Imported Active Directory server groups are updated in the directory according to your server synchronization schedule.

VMware Identity Manager Groups

You can create groups in administration console Users & Groups tab. You can add a combination of users and other groups when you create groups. The groups you add can be either groupd you already created or groups imported from your Active Directory server. In the administration console, a check box next to a group name indicates that the group is a local group. You can delete these groups or edit the users in the group from the administration console.

You can specify which resources the group's members are entitled to access and use. Instead of defining entitlements for each individual user, you can entitle a set of users by entitling the group. A user can belong to multiple groups. For example, if you create a Sales group and a Management group, a sales manager can belong to both groups. You can specify which policy settings apply to the group's members.