The VMware Identity Manager policies are a set of rules that specify criteria that must be met for users to access their app portal or to launch specified Web applications.

You create the rule as part of a policy. Each rule in a policy can specify the following information.

The network range, where users are allowed to log in from, such as inside or outside the enterprise network.

The device type that can access through this policy.

The order that the enabled authentication methods are applied.

The number of hours the authentication is valid.


The policies do not control the length of time that a Web application session lasts. They control the amount of time that users have to launch a Web application.

The VMware Identity Manager service includes a default policy that you can edit. This policy controls access to the service as a whole. See Applying the Default Access Policy. To control access to specific Web applications, you can create additional policies. If you do not apply a policy to a Web application, the default policy applies.