From the Identity and Access Management tab in the administration console, you can set up and manage the authentication methods, access policies, and directory service, and customize the look and feel of the end-user portal and administration console.

The following is a description of the setup settings in the Identity and Access Management tab.

Identity and Access Management Setup Pages
Identity and Access Management Setup Settings

Setting

Description

Setup > Connectors

The connector is an on-premises component of the service that you deploy inside your enterprise network.

When you associate a directory with a connector instance, the connector creates a partition for the associated directory called a worker. A connector instance can have multiple workers associated with it. Each worker acts as an identity provider. You define and configure authentication methods per worker.

The connector syncs user and group data between your enterprise directory and the service through one or more workers.

In the Worker column, select a worker to view the details about the connector and navigate to the Auth Adapters page to see the status of the available authentication methods. For information about authentication, see Configuring User Authentication in VMware Identity Manager.

In the Identity Provider column, select the IdP to view, edit, or disable. See Add and Configure an Identity Provider Instance.

In the Associated Directory column, access the directory associated with this worker.

To add a new connector, you first click Add Connector to generate an activation code, and then paste that code in the Setup wizard to establish communication with the connector.

Join Domain link

You click Join Domain to join the connector to a specific Active Directory domain. For example, when you configure Kerberos authentication, you must join the Active Directory domain that either contains the users or has a trust relationship with the domains that contain the users.

When you configure a directory with an Integrated Windows Authentication Active Directory, the connector joins the domain according to the configuration details.

Setup > Custom Branding

In the Custom Branding page, you can customize the appearance of the administration console header and sign-in screen. See Customize Branding in VMware Identity Manager.

To customize the end-user Web portal, mobile, and tablet views, go to Catalog > Settings > User Portal Branding. See Customize Branding for the User Portal.

Setup > User Attributes

The User Attributes page lists the default user attributes that sync in the directory, and you can add other attributes that you can map to Active Directory attributes. See Select Attributes to Sync with Directory.

Setup > Network Ranges

This page lists the network ranges that you added. You configure a network range to allow users access through the IP addresses you configured. You can add additional network ranges and you can edit existing ranges. See Add or Edit a Network Range.

Setup > Auto Discovery

Register your email domain to use the auto-discovery service to make it easier for users to access their apps portal using Workspace ONE. To configure auto-discovery in your on-premises deployment, you log in to the VMware Identity Manager service as the local admin and configure your AirWatch ID and password. You then enter the domain to register.

End users can enter their email addresses instead of the organization's URL when they access their apps portal through Workspace ONE.

See the Setting up the VMware Workspace ONE App on Devices guide for more information about auto discovery.

Setup > AirWatch

On the AirWatch page, you can set up integration with AirWatch. After integration is set up and saved, you can enable the unified catalog to merge applications set up in the AirWatch catalog to the unified catalog, enable compliance check to verify that managed devices adhere to AirWatch compliance policies, and enable user password authentication through the AirWatch Cloud Connector (ACC). See Integrating AirWatch With VMware Identity Manager.

Setup > Preferences

The Preferences page displays features that the admin can enable. This includes:

Persistent cookies can be enabled from this page. See Enable Persistent Cookie.

When local users are configured in your service, to show Local Users as a domain option on the sign-in page, enable Show Local Users on the login page.

The following is a description of the settings used to manage the services in the Identity and Access Management tab.

Identity & Access Management Manage Pages
Identity and Access Management Manage Settings

Setting

Description

Manage > Directories

The Directories page lists directories that you created. You create one or more directories and then sync those directories with your Active Directory deployment. On this page, you can see the number of groups and users that are synced to the directory and the last sync time. You can click Sync Now to start the directory sync.

See Integrating with Active Directory.

When you click a directory name, you can edit the sync settings, navigate to the Identity Providers page, and view the sync log.

From the directory sync settings page, you can schedule the sync frequency, see the list of domains associated with this directory, change the mapped attributes list, update the list of users and groups that sync, and set the safeguard targets.

Manage > Identity Providers

The Identity Providers page lists the identity providers that you configured. The connector is the initial identity provider. You can add third-party identity provider instances or have a combination of both. The VMware Identity Manager built-in identity provider can be configured for authentication.

See Add and Configure an Identity Provider Instance.

Manage > Password Recovery Assistant

On the Password Recovery Assistant page, you can change the default behavior when "Forgot password" is clicked on the sign-in screen by the end user.

Manage > Policies

The Policies page lists the default access policy and any other Web application access policies you created. Policies are a set of rules that specify criteria that must be met for users to access their Workspace ONE portal or to launch Web applications that are enabled for the user. You can edit the default policy and, if Web applications are added to the catalog, you can add new policies to manage access to these Web applications. See Managing Access Policies.