You can edit the default access policy, which is a pre-existing policy that controls user access to the service as a whole.

You can remove an entire Web-application-specific access policy at anytime. The default access policy is permanent. You can edit it, but you cannot remove it.

Configure the appropriate network ranges for your deployment. See Add or Edit a Network Range.

Configure the appropriate authentication methods for your deployment. Configuring User Authentication in VMware Identity Manager.


In the administration console Identity & Access Management tab, select Manage > Policies.


Click the policy to edit.


If this policy should be applied to specific Web applications, click Edit Apps.


Select the apps and click Save.


In the Policy Rules section, Authentication Method column, select the rule to edit.

The Edit a Policy Rule page appears with the existing configuration displayed.


To configure the authentication order, in the then the user must authenticate using the following method drop-down menu, select the authentication method to apply first.


All the authentication methods are listed in the drop-down menu, even if they are not enabled. Select only from the authentication methods that are enabled on the Connector > Auth Adapters page.


(Optional) To configure a fallback authentication method if the first authentication fails, select another enabled authentication method from the next drop-down menu.

You can add multiple fallback authentication methods to a rule.


Click Save and click Save again on the Policy page.

The edited policy rule takes effect immediately.

If the policy is a Web-application-specific access policy, you can also apply the policy set to the Web application in the Catalog page. See Add a Web-Application-Specific Policy