VCAP6-DTM Deployment Objective 6.1 – Configure User Access to VMware Identity Manager

Configure Active Directory users to sync with VMware Identity Manager

Identity Manager has specific default requirements for adding users. We can modify these settings by logging in to the Administrator console and going to Identity & Access Management > Setup > User Attributes. By default, 4 attributes are selected as shown below. If a user's AD account is missing any of them, the sync with AD will fail and we will be presented with an error message.

[Figure: User Attributes]

[Figure: Sync Error message]

We can deselect or add more attributes if needed. After we specify which attributes we need and make sure the AD users contain all of that information, we can add new users to sync. From Identity & Access Management > Directories, click the directory name and then Sync Settings.

[Figure: Directories settings]

To add a new user, select the green plus icon and type or paste the Distinguished Name for the user. Click Save & Sync to sync right away, or Save to sync on the next scheduled synchronization task.

[Figure: Sync settings]
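Because a single account with a missing required attribute makes the sync fail, it helps to check the accounts before adding their Distinguished Names. The following is an added example, not part of the original post: it reads an LDIF export of the users and lists, per DN, which required attributes are absent or empty. The AD attribute names in `REQUIRED` and the sample export are assumptions; use the attributes selected on your own User Attributes page.

```python
import base64

# Assumption: AD names for the four required attributes; match your User Attributes page.
REQUIRED = ("sAMAccountName", "mail", "givenName", "sn")

# Constructed sample export (LDIF), not data from the original post.
SAMPLE_LDIF = """\
dn: CN=Alice Adams,OU=Staff,DC=example,DC=test
sAMAccountName: aadams
mail: aadams@example.test
givenName: Alice
sn: Adams

dn: CN=Bob Brown,OU=Staff,DC=example,DC=test
sAMAccountName: bbrown
givenName: Bob
sn: Brown

dn: CN=Carol Clark,OU=Contractors with a long name,
 DC=example,DC=test
sAMAccountName: cclark
mail:
givenName:: Q2Fyb2w=
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per LDIF entry (names lower-cased)."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):  # skip comments and junk lines
                if value.startswith(":"):  # "attr:: <base64>" form
                    value = base64.b64decode(value[1:]).decode("utf-8", "replace")
                entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def missing_required(text, required=REQUIRED):
    """Map each DN to the required attributes that are absent or empty."""
    report = {}
    for entry in parse_ldif(text):
        gaps = [a for a in required if not any(entry.get(a.lower(), []))]
        if gaps:
            report[entry["dn"][0]] = gaps
    return report
```

Calling `missing_required()` on the text of an export returns an empty dict when every account is ready to sync.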

Create/Manage VMware Identity Manager groups

We can create local groups in Identity Manager. From User & Groups, select Create Group and provide a group name and description.

[Figure: Groups]

[Figure: Creating new group]

To add a user to the new group, click the group name and then Users in This Group > Modify Users in this group.

[Figure: Adding users]

We can create a rule that adds specific users to the group based on a rule condition, or select Additional Specific Users and type the user name. Click Next and then Save to add the user to the group.

[Figure: Rule or specific user adding]

[Figure: Results and Save]

Assign entitlements to users/groups according to a deployment plan

We can add users or groups to entitlements for applications managed by Identity Manager. From within User & Groups, select a user or group and click Entitlements, then click the green plus button Add entitlement. Select the application type (here, ThinApp Package), check the box next to the application, and choose the deployment mode: User Activated or Automatic.

[Figure: Entitlements]

[Figure: Application selection]

Create/Edit Access Policy sets

We can edit the default policy. First we need to create a new network range: under Identity & Access Management > Setup > Network Range, click Add Network Range to specify the IP address range from which users will access applications.

[Figure: Network Range]

[Figure: New Network Range]

Next, under Manage > Policies, click Edit Default Policy and then click the green plus to add a new rule.

[Figure: Adding new rule to policy]

Select the new network range and the kind of devices users might connect from, then specify one or more rules for how users must authenticate when connecting.

[Figure: Authentication rules]
