VCAP6-DTM Deployment Objective 6.1 – Configure User Access to VMware Identity Manager

Configure Active Directory users to sync with VMware Identity Manager

Identity Manager have specific default regiments to add users to it. We can modify this settings by login to Administrator console and go to Identity & Access Management >Setup > User Attributes. By default 4 attributes are selected as below, if user AD account missing any of them Sync with AD will failed and we will be present with error message.


User Attributes


Sync Error message

We can deselect or add more attributes if needed. After we specify what attributes we need and make sure AD users contain all the information we can add new user to sync.  From Identity & Access Management > Directories click Directory Name and Sync Settings 


Directories settings

To add new user select green plus icon and type or paste Distinguished Name for the user. Click Save & Sync to sync right a way or save to sync on next scheduled synchronization task.


Sync settings

Create/Manage VMware Identity Manager groups

We can create local groups in Identity Manager. From User & Groups select Create Group and provide Group name and description




Creating new group

To add user to new group click the group name and Users in This Group > Modify Users in this group


Adding users

We can create rule to add specific user to the group base on rule condition or select Additional Specific Users and type user name, click Next and save to add to the group.


Rule or specific user adding


Results and Save

Assign entitlements to users/groups according to a deployment plan

We can add users or groups to entitlements for application manage by Identity Manager. From within User & Groups select one and click the Entitlements, click green plus button Add entitlement select what kind of application type – ThinApp Package – check box next to application and choose what kind of deployment mode – User Activated or Automatic.




Application selection

Create/Edit Access Policy sets

We can Edit the default policy. First we need to create new Network Range under Identity & Access Management > Setup > Network Range click Add Network Range to specify IP addresses range from within user will access applications.


Network Range


New Network Range

Next under Manage > Policies click Edit Default Policy click green plus to add new rule.


Adding new rule to policy

Select new Network range and from what kind of devices user might connect and specify one or more rule how user must authenticate when connecting.


authentication rules

Click here to read other entries in the series VCAP6 -DTM

One response to “VCAP6-DTM Deployment Objective 6.1 – Configure User Access to VMware Identity Manager

  1. Pingback: VCAP6-Desktop and Mobility Deployment Study Guide – Virtual Elementary·

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.