Configure Active Directory users to sync with VMware Identity Manager
Identity Manager has specific default requirements for adding users. We can modify these settings by logging in to the Administrator console and going to Identity & Access Management > Setup > User Attributes. By default 4 attributes are selected as below; if a user's AD account is missing any of them, the sync with AD will fail and we will be presented with an error message.
We can deselect attributes or add more if needed. After we specify which attributes we need and make sure the AD users contain all of that information, we can add a new user to sync. From Identity & Access Management > Directories, click the Directory Name and then Sync Settings.
To add a new user, select the green plus icon and type or paste the Distinguished Name for the user. Click Save & Sync to sync right away, or Save to sync on the next scheduled synchronization task.
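Because a single missing required attribute makes the sync fail, it helps to check the accounts in AD before pasting their Distinguished Names into Sync Settings. The script below is an added example, not part of the original post or of VMware's tooling; the AD attribute names in `$RequiredAdAttributes` and the sample DNs are assumptions and must be replaced with the attributes marked required on your User Attributes page and your own users.

```powershell
# Added example: pre-check AD accounts before adding their DNs to Sync Settings.
# Requires the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

# Assumption: AD attributes that back the required Identity Manager attributes.
# Adjust to match what is selected under Setup > User Attributes.
$RequiredAdAttributes = @('sAMAccountName', 'givenName', 'sn', 'mail')

# Constructed sample DNs; replace with the users you plan to sync.
$UserDns = @(
    'CN=Jane Doe,OU=Users,DC=example,DC=local',
    'CN=John Roe,OU=Users,DC=example,DC=local'
)

function Test-SyncReadiness {
    param(
        [Parameter(Mandatory)][string[]]$DistinguishedName,
        [Parameter(Mandatory)][string[]]$Attribute
    )
    foreach ($dn in $DistinguishedName) {
        try {
            # Request only the attributes we need to inspect.
            $user = Get-ADUser -Identity $dn -Properties $Attribute -ErrorAction Stop
        } catch {
            # A mistyped or stale DN would also fail at sync time.
            [pscustomobject]@{ DistinguishedName = $dn; Ready = $false; Missing = 'account not found' }
            continue
        }
        # Collect every required attribute that is unset or blank.
        $missing = foreach ($name in $Attribute) {
            $value = $user.$name
            if ($null -eq $value -or [string]::IsNullOrWhiteSpace([string]$value)) { $name }
        }
        [pscustomobject]@{
            DistinguishedName = $dn
            Ready             = -not $missing
            Missing           = ($missing -join ', ')
        }
    }
}

Test-SyncReadiness -DistinguishedName $UserDns -Attribute $RequiredAdAttributes |
    Format-Table -AutoSize
```

Any row with `Ready` set to `False` lists the attributes to populate in AD before running Save & Sync.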
Create/Manage VMware Identity Manager groups
We can create local groups in Identity Manager. From User & Groups, select Create Group and provide a group name and description.
To add a user to the new group, click the group name, then Users in This Group > Modify Users in this group.
We can create a rule that adds specific users to the group based on a rule condition, or select Additional Specific Users and type the user name. Click Next and save to add the user to the group.
Assign entitlements to users/groups according to a deployment plan
We can add users or groups to entitlements for applications managed by Identity Manager. From within User & Groups, select a user or group and click Entitlements. Click the green plus button Add entitlement, select the application type (ThinApp Package), tick the check box next to the application, and choose the deployment mode: User Activated or Automatic.
Create/Edit Access Policy sets
We can edit the default policy. First we need to create a new network range: under Identity & Access Management > Setup > Network Range, click Add Network Range to specify the IP address range from which users will access applications.
Next, under Manage > Policies, click Edit Default Policy and click the green plus to add a new rule.
Select the new network range and the type of device users might connect from, and specify one or more rules for how users must authenticate when connecting.