VMware Identity Manager 3.2
In this article I will give you a brief overview of the VMware Identity Manager 3.2 updates.
As we all know, sizing and design are the basis of every solution and infrastructure. The same is true for VMware Identity Manager (hereafter: vIDM). The sizing of vIDM depends on several factors, such as the authentication method you want to use (mobileSSO, SAML, etc.), because each authentication method has a totally different payload.
Another aspect of architecture planning and of designing a vIDM solution is the configuration of the vIDM connector, or several of them, also called the Enterprise Systems Connector (ESC). Keep in mind that only one connector can perform AD, Horizon, ThinApp and/or Citrix synchronization. If you have two connectors, one will overwrite the other.
Next, let's take a deeper look at some configuration topics.
In the vIDM configuration you can mark different attributes as required; these are mapped to the Microsoft Active Directory attributes. But be careful: if you set an attribute as required, it must exist in Active Directory, otherwise the user account will never be synced to vIDM. A good example is a service account. If you set email as a required attribute (a service account usually doesn't have one), this account won't be synced to vIDM.
If you want to change an attribute from required to not required (uncheck the tick box), you have to delete the directory in vIDM, uncheck the box for the attribute and sync the directory again.
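A pre-sync check for the required-attribute behaviour described above, as an added example that is not part of the original article or of vIDM: it scans an LDIF export of AD accounts and lists the accounts that lack an attribute you plan to mark as required. The vIDM-to-AD attribute mapping, the function names and the sample LDIF are assumptions constructed for illustration.

```python
# Added example (not vIDM code): list AD accounts a "required" attribute would exclude.
# Assumed vIDM -> AD attribute mapping; check it against your own directory settings.
ATTRIBUTE_MAP = {"userName": "sAMAccountName", "email": "mail",
                 "firstName": "givenName", "lastName": "sn"}

# Constructed sample LDIF export (simple form: no folded lines, no base64 values).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=corp,DC=example
sAMAccountName: alice
mail: alice@corp.example
givenName: Alice
sn: Example

dn: CN=svc-backup,OU=Service,DC=corp,DC=example
sAMAccountName: svc-backup
givenName: svc-backup

dn: CN=Bob Example,OU=Staff,DC=corp,DC=example
sAMAccountName: bob
mail:
givenName: Bob
sn: Example
"""

def parse_ldif(text):
    """Parse simple LDIF into a list of {attribute: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():  # an empty value counts as missing
                entry.setdefault(key.strip(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def unsyncable(entries, required):
    """Return {dn: [missing vIDM attributes]} for accounts that would not sync."""
    report = {}
    for entry in entries:
        missing = [a for a in required if not entry.get(ATTRIBUTE_MAP[a])]
        if missing:
            report[entry["dn"][0]] = missing
    return report

if __name__ == "__main__":
    planned = ["userName", "email", "lastName"]  # attributes you intend to mark required
    for dn, missing in unsyncable(parse_ldif(SAMPLE_LDIF), planned).items():
        print(f"{dn}: would not sync, missing {', '.join(missing)}")
```

Running the check before ticking a required box shows which service or shared accounts would drop out of the sync, so the decision can be made before the directory has to be deleted and re-created to undo it.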
That brings us to the next point, entitlements.
If entitlements are set on an application or something similar and you delete the directory in vIDM, you have to set the entitlements for apps / SAML apps again after re-syncing the directory. Entitlements to Horizon resources come from Horizon.
WS1 landing page
When a user logs in to the Workspace ONE portal, he sometimes lands on the catalog page instead of the bookmark page, where he finds his bookmarked apps or desktops, for instance. But why? If the user has no bookmarks, he lands on the catalog tab. If he has at least one app or desktop bookmarked, he lands on the bookmark tab.
The administrator can hide a tab, either bookmark or catalog. If he does that for the bookmark tab, for example, the user can't bookmark any apps.
Admin defined Bookmarks
Administrators can define apps or desktops that are automatically bookmarked and shown in the users' Bookmark tab. If a user previously un-bookmarked an app, this app will no longer be shown in the bookmarks, even if it is configured under pre-defined apps by the administrator and the feature is enabled.
A simple use case for combining admin-defined bookmarks with a hidden catalog tab could be sessional workers. The administrator pre-defines apps for the users to work with and hides the Catalog tab. Users will only have the Bookmark tab when they log in to Workspace ONE and can't see additional software that is already included in the catalog.
Role based access control (RBAC) for Administrators
In vIDM 3.2 there is a role-based concept for administrators. There are 3 pre-defined admin roles: Super Admin, read-only and Directory Admin. You can also create your own roles to differentiate administration based on permissions.
OpenID Connect (OIDC) Applications in the Catalog
You can use OIDC as the protocol for SSO into apps. You can assign users and access policies to OIDC apps in the same way as for SAML.
Reset Desktop for Horizon Cloud and Horizon 7
Now you can reset Horizon Cloud or Horizon 7 desktops directly through the WS1 portal. It's like pushing the reset button.
Improvement in case of dependency on Tunnel App
A really great improvement was made regarding an application's dependency on the Tunnel app. Now the user is better informed if an application has a dependency on the Tunnel app. Furthermore, the user is guided through the installation of the Tunnel app and through initializing a connection. For Android this will be available once the Workspace ONE application for Android 3.2.1 is released.