From the Identity and Access Management tab in the administration console, you can set up and manage the authentication methods, access policies, and directory service, and customize the look and feel of the end user portal and administration console.

The following is a description of the setup settings in the Identity and Access Management tab.

Identity and Access Management Setup Pages

Setup > Connectors

The Connectors page lists the connectors that are deployed inside your enterprise network. A connector syncs user and group data between Active Directory and the service and, when it is used as the identity provider, authenticates users to the service.

When you associate a directory with a connector instance, the connector creates a partition for the associated directory called a worker. A connector instance can have multiple workers associated with it. Each worker acts as an identity provider. You define and configure authentication methods per worker.

The connector syncs user and group data between Active Directory and the service through one or more workers.

In the Worker column, select a worker to view the connector's details and navigate to the Auth Adapters page to see the status of the available authentication methods. For information about authentication, see Configuring User Authentication in VMware Identity Manager.

In the Identity Provider column, select the IdP to view, edit, or disable it. See Add and Configure an Identity Provider Instance.

In the Associated Directory column, access the directory associated with this worker.

To add a new connector, you first click Add Connector to generate an activation code, which you paste in the Setup wizard to establish communication with the connector.

Join Domain link

You click Join Domain to join the connector to a specific Active Directory domain. For example, when you configure Kerberos authentication, you must join the Active Directory domain that either contains the users or has a trust relationship with the domains that contain the users.

When you configure a directory with an Integrated Windows Authentication Active Directory, the connector joins the domain according to the configuration details.

Setup > Custom Branding

On the Custom Branding page, you can customize the appearance of the administration console header and sign-in screen. See Customize Branding in VMware Identity Manager.

To customize the end user web portal and the mobile and tablet views, go to Catalog > Settings > User Portal Branding. See Customize Branding for the User Portal.

Setup > User Attributes

The User Attributes page lists the default user attributes that sync in the directory. You can add other attributes and map them to Active Directory attributes. See Select Attributes to Sync with Directory.

Setup > Network Ranges

This page lists the network ranges that you added. You configure a network range to allow users access through those IP addresses. You can add network ranges and edit existing ranges. See Add or Edit a Network Range.

The following is a description of the settings used to manage the services in the Identity and Access Management tab.

Identity and Access Management Manage Pages

Manage > Directories

The Directories page lists the directories that you created. You create one or more directories and then sync those directories with your Active Directory deployment. On this page, you can see the number of groups and users that are synced to the directory and the last sync time. You can click Sync Now to manually start the directory sync.

See Integrating with Active Directory.

When you click a directory, you can edit the sync settings, navigate to the Identity Providers page, and view the sync log.

From the directory's sync settings page, you can schedule the sync frequency, see the list of domains associated with this directory, change the mapped attributes list, update the list of users and groups that sync, and set the safeguard targets.

Manage > Identity Providers

The Identity Providers page lists the identity providers that you configured. The connector is the initial identity provider. You can add third-party identity provider instances or have a combination of both.

See Add and Configure an Identity Provider Instance.

Manage > Password Recovery Assistant

On the Password Recovery Assistant page, you can change the default behavior when the end user clicks "Forgot password" on the sign-in screen.

Manage > Policies

The Policies page lists the default access policy and any other Web application access policies that you created. Policies are a set of rules that specify criteria that must be met for users to access their My Apps portal or to launch Web applications that are enabled for them. You can edit the default policy and, if Web applications are added to the catalog, you can add new policies to manage access to these Web applications. See Managing Access Policies.