You can create a client to enable a single application to register with VMware Identity Manager services to allow user access to a specific application.


In the administration console Catalog tab, select Settings > Remote App Access.


On the Clients page, click Create Client.


On the Create Client page, enter the following information about the application.



Access Type

Options are User Access Token or Service Client Token.

Client ID

Enter a unique client ID for the resource to be registered with VMware Identity Manager.


Select Identity Manager.


Select the appropriate scope. When you select NAAPS, OpenID is also selected.

Redirect URI

Enter the registered redirect URI.

Advanced Section


Shared Secret

Click Generate Shared Secret to generate a secret that is shared between this service and the application resource service.

Copy and save the client secret to configure in the application setup.

The client secret must be kept confidential. If a deployed app cannot keep the secret confidential, then the secret is not used. The shared secret is not used with Web browser-based apps.

Issue Refresh Token

Deselect the checkbox.

Token Type

Select Bearer

Token Length

Leave the default setting, 32 Bytes.

Issue Refresh Token

Check Refresh Token.

Access Token TTL

(Optional) Change the Access Token Time-To-Live settings.

Refresh Token TTL


User Grant

Do not check Prompt users for access.


Click Add.

The client configuration is displayed on the OAuth2 Client page, along with the shared secret that was generated.

Enter the Client ID and the shared secret in the resources configuration pages. See the application documentation.