I like a product name that ‘does what it says’ on the tin (or download…) – VMware Identity Manager is such a product, and then some. VMware Identity Manager (vIDM) does just that – it manages the various facets of identity. So what do we use identity for? Typically, it’s the following:

- For authentication into a solution – who are you?
- For entitlement to resources – what you can do, based on who you are.

In order to add multiple directories, you’ll need to deploy multiple Connectors – at least one per domain (ideally a pair for resilience). In an on-premises deployment, the vIDM appliance has a built-in Connector, though it’s probably wise to deploy separate, standalone Connectors. These are available as either a Linux-based appliance or a Windows Server installable application (included as part of the VMware Workspace ONE Enterprise Systems Connector). In either case, within vIDM you need to log into the Admin console, go to “Identity & Access Management”, select Setup and click the “Add Connector” button to generate an activation code.

Once you’ve done this, it’s a case of deploying the Connector, logging onto its web interface (https://connectorFQDN:8443) and completing a wizard. All you do here is drop in the Activation Code and the root certificate used for vIDM, and set a local Admin password. Simple! In vIDM, you’ll see your new Connector – note that the installed version reflects what you’ve deployed (here, a Windows connector).

With this in place, we can set up a Directory synchronisation.

In the Add Directory wizard, it’s the same process as for adding the first directory – though this time using the new Connector. Remember that you’ll also need to select attribute mappings and Organisational Units for Users and Groups. Once you’re done, you’ll see multiple directories:

It’s also possible to configure the Client Access FQDN for each Horizon instance per IP range configured in vIDM, so you have further options.
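Once several directories and Connectors are in place, it is worth checking that the resilience advice above actually holds: every directory should be served by a pair of standalone Connectors rather than a single one or the appliance’s built-in Connector, and every Connector should be at the version you intended to deploy. The script below is an added example, not part of the original post and not a vIDM API; the inventory rows, field names (connector, directory, version, host_type, builtin) and version strings are constructed for illustration, so you would populate them from your own Admin console view.

```python
"""Audit a constructed vIDM Connector inventory for single points of failure,
reliance on the appliance's built-in Connector, and version drift.

Added example. The data and field names are assumptions for this
illustration, not output of any VMware API.
"""
from collections import defaultdict

# Constructed placeholder: the Connector version you intended to deploy.
EXPECTED_VERSION = "vX.Y"

# Constructed sample inventory: one row per Connector, keyed to the directory
# (AD domain) it synchronises.
SAMPLE_INVENTORY = [
    {"connector": "vidm-appliance", "directory": "corp.example.com",
     "version": "vX.Y", "host_type": "appliance", "builtin": True},
    {"connector": "conn-corp-01", "directory": "corp.example.com",
     "version": "vX.Y", "host_type": "windows", "builtin": False},
    {"connector": "conn-lab-01", "directory": "lab.example.com",
     "version": "vX.Y", "host_type": "windows", "builtin": False},
    {"connector": "conn-lab-02", "directory": "lab.example.com",
     "version": "vX.Y-old", "host_type": "linux", "builtin": False},
    {"connector": "conn-dmz-01", "directory": "dmz.example.com",
     "version": "vX.Y", "host_type": "linux", "builtin": False},
]


def audit_connectors(inventory, expected_version=EXPECTED_VERSION):
    """Return findings grouped by category.

    single_connector:    directories with fewer than two standalone Connectors
                         (no resilience if that Connector fails).
    builtin_dependency:  directories still relying on the appliance's built-in
                         Connector, which the post advises replacing.
    version_drift:       (connector, version) pairs not at expected_version.
    """
    by_directory = defaultdict(list)
    for row in inventory:
        by_directory[row["directory"]].append(row)

    findings = {"single_connector": [], "builtin_dependency": [], "version_drift": []}
    for directory, rows in sorted(by_directory.items()):
        standalone = [r for r in rows if not r["builtin"]]
        if len(standalone) < 2:
            findings["single_connector"].append(directory)
        if any(r["builtin"] for r in rows):
            findings["builtin_dependency"].append(directory)
        for r in rows:
            if r["version"] != expected_version:
                findings["version_drift"].append((r["connector"], r["version"]))
    return findings


def format_report(findings):
    """Render findings as plain text lines for an operator."""
    lines = []
    for directory in findings["single_connector"]:
        lines.append(f"WARN  {directory}: fewer than two standalone Connectors")
    for directory in findings["builtin_dependency"]:
        lines.append(f"INFO  {directory}: still uses the appliance built-in Connector")
    for connector, version in findings["version_drift"]:
        lines.append(f"WARN  {connector}: version {version} differs from expected")
    return lines or ["OK    all directories have paired Connectors at the expected version"]


if __name__ == "__main__":
    for line in format_report(audit_connectors(SAMPLE_INVENTORY)):
        print(line)
```

Run against the constructed inventory, the report flags corp.example.com (one standalone Connector plus the built-in one), dmz.example.com (a single Connector) and conn-lab-02 (version drift), while lab.example.com passes the pairing check.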