Active Directory Federation Services (AD FS) is a Windows Server component that uses claims-based authentication to give users single sign-on access to applications and systems. You can configure VMware Identity Manager to use AD FS as the third-party identity provider (IdP) for authentication. In this lab, we'll review how to install and configure AD FS and how to add AD FS as a third-party IdP in VMware Identity Manager.

1. Prerequisites

  • VMware Identity Manager Tenant: A SaaS or on-premises instance of VMware Identity Manager that you have administrator access to. For this lab, use the VMware Identity Manager tenant that is provided to you (access details are given in later steps).
  • Synced Domain: Use the VMware Enterprise Systems Connector to sync a domain and at least one domain user to log in with.
  • Install AD FS: Install AD FS on a server you have access to. This requires administrator access.

For this lab, all of the prerequisites will be available to you.

2. Lab Limitations

No External Access: The AD FS instance we'll be configuring will only be able to validate requests from within the lab vApp network that you have access to during the course of this lab.  External requests, such as from your own servers or devices, would require Server Name Indication (SNI) and a unique federation service name for each lab instance to properly route traffic to the intended server through the F5.  To limit the complexity and focus of the lab, these measures are not taken and the default federation service name we will be using ( will only be accessible from the lab vApp network.

