By adding and configuring identity provider instances for your VMware Identity Manager deployment, you can provide high availability, support additional user authentication methods, and add flexibility in the way you manage the user authentication process based on user IP address ranges.

Configure the network ranges that you want to direct to this identity provider instance for authentication. See Add or Edit a Network Range.

Access to the third-party metadata document. This can be either the URL to the metadata or the actual metadata.


Log in to the administration console.


In the Identity & Access Management tab select Manage > Identity Providers.


Click Add Identity Provider and edit the identity provider instance settings.

Form Item


Identity Provider Name

Enter a name for this identity provider instance.

SAML Metadata

Add the third party IdPs XML-based metadata document to establish trust with the identity provider.


Enter the SAML metadata URL or the xml content into the text box.


Click Process IdP Metadata. The NameID formats supported by the IdP are extracted from the metadata and added to the Name ID Format table.


In the Name ID value column, select the user attribute in the service to map to the ID formats displayed. You can add custom third-party name ID formats and map them to the user attribute values in the service.


(Optional) Select the NameIDPolicy response identifier string format.


Select the VMware Identity Manager directories of the users who can authenticate using this identity provider.


The existing network ranges configured in the service are listed.

Select the network ranges for the users based on their IP addresses, that you want to direct to this identity provider instance for authentication.

Authentication Methods

Add the authentication methods supported by the third-party identity provider. Select the SAML authentication context class that supports the authentication method.

SAML Signing Certificate

Click Service Provider (SP) Metadata to see URL to VMware Identity Manager SAML service provider metadata URL . Copy and save the URL. This URL is configured when you edit the SAML assertion in the third-party identity provider to map VMware Identity Manager users.

IdP Hostname

If the Hostname field displays, enter the hostname where the identity provider is redirected to for authentication. If you are using a non-standard port other than 443, you can set this as Hostname:Port. For example,


Click Add.

Add the authentication method of the identity provider to the services default policy. See Apply Authentication Methods to Policy Rules.

Edit the third-party identity provider's configuration to add the SAML Signing Certificate URL that you saved.