Friday, April 12, 2019

Federating Multiple Identity Managers for VMware Services

For those who may have wondered, yes, I am still alive.

It's been a massive few months with overseas travel, new certifications and being admitted as a VMware CTO Ambassador. I'll make sure I write about all of this another time.

For background, VMware recently decided that a lot of our non-EUC solutions include a VMware Identity Manager licensing entitlement. This is meant to allow something like VMware Log Insight to authenticate with Identity Manager, simplifying SSO for administrators. This entitlement to Identity Manager is for the On-Premises version only.

So now, let's go into a scenario posed to me recently. What if the customer already has an entitlement to a SaaS Identity Manager tenant? Do they need both? Without opening a can of worms and entering the realms of licensing, the answer is "probably", and it's actually not a bad thing. In their situation, some of the users who needed access to Log Insight had an entitlement to a Workspace ONE SaaS license, but not all of them. This meant we had to leave Log Insight federated with the On-Premises Identity Manager. If that is where we had stopped, everything would have worked, but the user experience would be pretty ordinary as they'd need to authenticate to both Identity Managers.

That's not how we roll at VMware! Let's make it simple!