Set Up an Identity Provider to Use Password (Cloud Deployment)

PREREQUISITES: The connector vescsrv-01a.corp.local has been installed and configured, and the corp.local directory has been added to the tenant (both covered earlier in this lab).

This section shows how to configure the Built-In Identity Provider (IdP) so that users of the corp.local domain can sign in to the VMware Identity Manager tenant with their Active Directory credentials, validated by the connector.

1. Configure the Built-In Identity Provider

  1. Click Identity & Access Management.
  2. Click Identity Providers.
  3. Click Built-In.

1.1. Configure the Identity Provider

  1. Scroll down to find the Users, Network and Authentication Methods sections.
  2. Under Users, select the corp.local directory to enable its users for this IdP.
  3. Under Network, select the ALL RANGES network range.

1.2. Associate Connector with Identity Provider

  1. Scroll down to find the Connector(s) section.
  2. Select vescsrv-01a.corp.local from the list.
  3. Click Add Connector.

NOTE - If you don't see a list of available connectors, you may need to wait a few moments until the connectors are queried.

1.3. Associate Connector Authentication Methods

  1. Scroll down to the bottom.
  2. Click the checkbox by Password (cloud deployment) for the Connector Authentication Methods to associate this authentication method with the Identity Provider.
  3. Click Save.

1.4. Confirm the Identity Provider Was Created

The list of Identity Providers should now show your Built-In Identity Provider as having the Password (cloud deployment) authentication method for the corp.local directory and using the vescsrv-01a.corp.local connector.

2. Configure the Access Policy

  1. Click Identity & Access Management.
  2. Click Policies.
  3. Click Edit Default Policy.

2.1. Add New Policy Rule

  1. Click Configuration.
  2. Click Add Policy Rule.

2.2. Configure Policy Rule Details

  1. Select ALL RANGES for the network range.
  2. Select All Device Types for the device type.
  3. Type "Domain Users@corp.local" for the user group.
  4. Click the Domain Users@corp.local result.

2.3. Configure the Authentication Method

  1. Scroll down to the bottom.
  2. Select Authenticate using... for the action.
  3. Select Password (cloud deployment) for the authentication method.
  4. Click Save.

2.4. Re-Order the Access Policy Rules

  1. Click and drag the policy rule you just created (Device Type Any, group Domain Users@corp.local) to the top of the list. Rules are evaluated from the top down and the first matching rule is applied, so a new rule left below the default rules, which apply to all users, would never be reached by a corp.local user signing in from a web browser.
  2. Click Next.
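The first-match behaviour that makes the re-ordering above necessary, modelled as an added example (this is not VMware Identity Manager's own evaluation code). The rule values are the ones used in this lab; the default Web Browser rule and the two sign-in attempts are constructed approximations, and the shadowing check is a hypothetical lint for the ordering mistake step 2.4 corrects.

```python
"""Illustrative first-match model of Access Policy rule evaluation.

Added example, not VMware Identity Manager's own code. Rules are evaluated
top-down and the first matching rule decides the authentication method, so
the order set in step 2.4 matters. DEFAULT_WEB is a constructed
approximation of the tenant's default Web Browser rule.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ALL_RANGES = "ALL RANGES"
ALL_DEVICES = "All Device Types"


@dataclass(frozen=True)
class Rule:
    name: str
    network_range: str             # ALL_RANGES or a named range
    device_type: str               # ALL_DEVICES or one device type
    group: Optional[str]           # None = rule applies to all users
    auth_methods: Tuple[str, ...]  # primary method first, then fallbacks


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset              # e.g. {"Domain Users@corp.local"}
    device_type: str
    network_range: str


def _covers(rule_value: str, request_value: str, wildcard: str) -> bool:
    return rule_value == wildcard or rule_value == request_value


def matches(rule: Rule, req: Request) -> bool:
    """True if every selector on the rule applies to the request."""
    return (_covers(rule.network_range, req.network_range, ALL_RANGES)
            and _covers(rule.device_type, req.device_type, ALL_DEVICES)
            and (rule.group is None or rule.group in req.groups))


def select_rule(policy: List[Rule], req: Request) -> Optional[Rule]:
    """First-match evaluation: the first rule that matches wins."""
    for rule in policy:
        if matches(rule, req):
            return rule
    return None


def selected_methods(policy: List[Rule], req: Request) -> Tuple[str, ...]:
    rule = select_rule(policy, req)
    return rule.auth_methods if rule else ()


def _overlaps(a: str, b: str, wildcard: str) -> bool:
    return a == wildcard or b == wildcard or a == b


def shadowed_rules(policy: List[Rule]) -> List[Tuple[str, str]]:
    """Hypothetical lint: group-specific rules placed after an all-users rule
    whose range and device scope overlap theirs. The earlier rule takes the
    overlapping requests first, so the later rule is (partly) unreachable."""
    hits = []
    for i, later in enumerate(policy):
        if later.group is None:
            continue
        for earlier in policy[:i]:
            if (earlier.group is None
                    and _overlaps(earlier.network_range, later.network_range, ALL_RANGES)
                    and _overlaps(earlier.device_type, later.device_type, ALL_DEVICES)):
                hits.append((later.name, earlier.name))
    return hits


# Constructed rules: DEFAULT_WEB approximates the tenant default (local
# directory password, falling back to Password); DOMAIN_USERS is the rule
# built in steps 2.1 to 2.3.
DEFAULT_WEB = Rule("Default: Web Browser", ALL_RANGES, "Web Browser", None,
                   ("Password (Local Directory)", "Password"))
DOMAIN_USERS = Rule("Domain Users: cloud password", ALL_RANGES, ALL_DEVICES,
                    "Domain Users@corp.local", ("Password (cloud deployment)",))


def policy_before_reorder() -> List[Rule]:
    return [DEFAULT_WEB, DOMAIN_USERS]   # new rule appended at the bottom


def policy_after_reorder() -> List[Rule]:
    return [DOMAIN_USERS, DEFAULT_WEB]   # new rule dragged to the top


# Constructed sign-in attempts matching sections 3 and 4 of this lab.
ADUSER_WEB = Request("aduser@corp.local", frozenset({"Domain Users@corp.local"}),
                     "Web Browser", "Internet")
ADMIN_WEB = Request("administrator", frozenset(), "Web Browser", "Internet")

if __name__ == "__main__":
    for label, policy in (("before", policy_before_reorder()),
                          ("after", policy_after_reorder())):
        print(label, "aduser ->", selected_methods(policy, ADUSER_WEB))
        print(label, "administrator ->", selected_methods(policy, ADMIN_WEB))
        print(label, "shadowed:", shadowed_rules(policy))
```

Before the re-order, aduser from a web browser hits the all-users default rule and is asked for a local-directory password it does not have; after the re-order the corp.local group rule is selected, while the local administrator, who is not in the group, still falls through to the default rule.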

2.5. Review and Save

Review as desired and click Save.

Your policy and Identity Provider are now configured to authenticate the Domain Users@corp.local group with Password (cloud deployment) through the vescsrv-01a.corp.local connector. Tenant local users continue to authenticate with the default methods, Password and Password (Local Directory), because those rules were not modified.

3. Verify that corp.local Users Can Login

  1. Click the Tenant Admin dropdown in the top-right corner.
  2. Click Logout.

3.1. Go Back to the Login Page

Click Go back to login page.

3.2. Login as aduser

  1. Enter aduser for the username.
  2. Uncheck Remember this setting.
  3. Click Next.

3.3. Enter the Domain User's Password

  1. Enter VMware1! for the password.
  2. Notice that the domain shows as corp.local, verifying that aduser belongs to corp.local instead of the System Domain.
  3. Click Sign in.

3.4. Open the Settings Page

  1. Click the User Dropdown.
  2. Click Settings.

3.5. Confirm the User Details

  1. Click the Account tab.
  2. Confirm the Profile for the user shows you are signed in as aduser@corp.local.
  3. Click Sign Out.

This confirms that the Identity Provider is using the connector installed and configured earlier, vescsrv-01a.corp.local, with the Password (cloud deployment) authentication method to authenticate your Active Directory users.

Continue to the next steps to log back in as the local Administrator account.

4. Login as the Local Tenant Administrator

  1. Enter administrator as the username.
  2. Uncheck Remember this setting.
  3. Click Next.

4.1. Enter the Administrator Password

  1. Enter VMware1! for the password.
  2. Notice that the System Domain is displayed, since the Administrator account belongs to the local System Domain.
  3. Click Sign In.

4.2. Open the Administration Console

  1. Click the User Dropdown.
  2. Click Administration Console.
