You can create a client so that a single application can register with VMware Identity Manager services and users can access that specific application.


In the administration console Catalog tab, select Settings > Remote App Access.


Click Create Client.


On the Create Client page, enter the following information about the application.



Access Type

Options are User Access Token or Service Client Token.

Client ID

Enter a unique client ID for the resource.


Select Identity Manager


Select the appropriate scope. When you select NAAPS, OpenID is also selected.

Redirect URI

Enter the registered redirect URI.

Advanced Section


Shared Secret

Click Generate Shared Secret to generate a secret that is shared between this service and the application resource service. The client secret must be kept confidential. If a deployed app cannot keep the secret confidential, then the secret is not used. The shared secret is not used with Web browser-based apps.

Issue Refresh Token


Token Type

Select Bearer

Token Length

Leave the default setting, 32 Bytes.

Issue Refresh Token

Check Refresh Token.

Access Token TTL

(Optional) Change the Access Token Time-To-Live settings.

Refresh Token TTL


User Grant

Do not check Prompt users for access.


Copy and save the client secret to configure in the application setup.


Deselect the Issue Refresh Token check box.


Click Add.

The client configuration is displayed on the OAuth2 Client page, along with the shared secret that was generated.

Enter the Client ID and the shared secret in the resource's configuration pages. See the application documentation.
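How a resource typically uses the Client ID and shared secret once they are configured, shown as an added example that is not from the VMware documentation. It assumes the service follows standard OAuth 2.0 (RFC 6749) client authentication and token responses, with `expires_in` reflecting the Access Token TTL; the token URL, the `IDM_*` environment variable names and the sample values are placeholders.

```python
import base64
import json
import os
import urllib.parse
import urllib.request


def basic_client_auth(client_id, shared_secret):
    """RFC 6749 section 2.3.1: form-encode each credential, then Base64 the pair."""
    enc = urllib.parse.quote_plus  # ':' and '+' in a secret must not survive raw
    pair = f"{enc(client_id)}:{enc(shared_secret)}".encode("ascii")
    return "Basic " + base64.b64encode(pair).decode("ascii")


def build_refresh_request(token_url, client_id, shared_secret, refresh_token):
    """Build (without sending) a refresh_token grant authenticated as the client."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must be https: the secret is in a header")
    body = urllib.parse.urlencode(
        {"grant_type": "refresh_token", "refresh_token": refresh_token})
    return urllib.request.Request(
        token_url, data=body.encode("ascii"), method="POST",
        headers={"Authorization": basic_client_auth(client_id, shared_secret),
                 "Content-Type": "application/x-www-form-urlencoded"})


def check_token_response(raw, now):
    """Accept only a Bearer token; turn expires_in into an absolute deadline."""
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError(f"unexpected token_type: {doc.get('token_type')!r}")
    if not doc.get("access_token"):
        raise ValueError("response carries no access_token")
    return {"access_token": doc["access_token"],
            "refresh_token": doc.get("refresh_token"),  # None if not issued
            "expires_at": now + int(doc.get("expires_in", 0))}


if __name__ == "__main__":
    # Constructed sample values; real ones come from the environment or a
    # secret store, never from source code. The URL is a placeholder.
    req = build_refresh_request(
        os.environ.get("IDM_TOKEN_URL", "https://idm.example.com/token"),
        os.environ.get("IDM_CLIENT_ID", "sample-client"),
        os.environ.get("IDM_SHARED_SECRET", "constructed:secret+value"),
        "constructed-refresh-token")
    print(req.get_method(), req.full_url)
    print(sorted(req.headers))  # header names only; never log the secret
```

Take the real token endpoint from the product documentation and pass it in as `token_url`.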