In this quick walkthrough, we’re going to review how to access your own instance of VMware Identity Manager (vIDM) from TestDrive. In your vIDM tenant, you will be able to make your own configurations and perform end to end testing.
Note: This tenant will not convert to production.
- Section 1: Accessing the vIDM Sandbox via TestDrive
- Section 2: Admin Portal Feature Walkthrough
- Section 3: Resetting Tenant Admin Password
Before you Begin
In order to complete this demo please make sure you have the following:
- A valid account in the VMware TestDrive environment, sign up here if you don't
Background Info - VMware Identity Manager Overview
The Workspace ONE platform is comprised of VMware Identity Manager (vIDM) and Workspace ONE UEM (previously known as VMware AirWatch).
VMware Identity Manager is identity management for the mobile cloud era that delivers on consumer-simple expectations like one-touch access to nearly any app, from any device. Empower employees to get productive quickly with a self-service app store while giving IT a central place to manage user provisioning and access policy with enterprise-class directory integration, identity federation and user analytics. A few of the key features of VMware Identity Manager include:
- Self-Service Unified App Catalog - Now, employees can access all their applications regardless of type in one central app catalog across all their devices. This aggregates entitlements to applications, regardless of where those entitlements are managed and allows for provisioning to be user activated or automatic. The app catalog includes applications brokered through Workspace ONE UEM from the Google, Microsoft or Apple app stores, remotely hosted Windows apps entitled through Horizon or Horizon Air, remote Citrix apps, internal web apps, packaged Windows apps and more.
- Enterprise Single Sign On - Enable your employees to launch directly into the apps they need without requiring multiple sets of credentials or needing to continuously authenticate. Through vIDM and Workspace ONE UEM a seamless Single Sign-On (SSO) experience can be achieved for web, mobile, SaaS, and legacy applications.
- Conditional Access Policies - Apply conditional access policies, denying or allowing access to individual apps, by user security group, network, and authentication strength.
In this sandbox you can configure your own vIDM SaaS tenant. This tenant is only available to your account unless you create accounts for others. Your personal tenant will get deleted when your TestDrive account expires. These tenants are non-convertible to production.
Warning: Turning toggle switch in the TestDrive portal back to OFF after enabling the product will de-provision your tenant and all your data within your test tenant will be lost.
NOTE: Please avoid disabling the vIDM tenant once provisioned as far as possible. If absolutely necessary, then give about 25-30 minutes after disabling the vIDM Tenant before re-enabling again in order to let the tenant info get completely removed from the database. Failure to do so may result in your tenant being stuck at 'Disabling Product' state on the TestDrive Portal and would need admin action to fix.
Section 1: Accessing the vIDM Sandbox via TestDrive
To get started navigate to the TestDrive Portal at portal.vmtestdrive.com. Log in with your TestDrive username and password.
Once you're logged in, scroll down to the VMware Identity Manager under the Sandbox Experience section. Toggle the switch to the right to enable the product. Once the switch turns green the product has been enabled.
By clicking the down arrow on the left side of the Identity Manager tile, you can view your login credentials.
Click the Launch button. A new tab will open for the Workspace ONE user portal for your personal vIDM instance. Log in using your Admin credentials from the previous step.
After logging in you'll see the catalog page which an end user would see. Note that the Catalog is empty, as no apps have been configured in your personal tenant yet. Let's navigate to the admin piece, so choose the dropdown next your your account in the top right.
Select "Administration Console".
Section 2: Admin Portal Feature Walkthrough
Now you're logged into the VMware Identity Manager Administrative Console. First, you'll land on the dashboard which provides analytics for your vIDM deployment including top applications and login statistics.
Choose the "Catalog" tab at the top. Here you would see all apps that have been added to the vIDM instance (Native mobile apps will not appear as those are added in the Workspace ONE UEM Admin Console). You can tag your apps so they appear in specific categories within the Workspace ONE catalog. Also, you can add an app by clicking "New" at the top left.
Click the "New" button. You can search for an application by name in the search bar. For this walkthrough, let's click the "or browse from catalog" link.
Next the cloud app catalog will load and you can choose any app your organization uses from the list.
Here we can modify how the app will appear in the Workspace ONE catalog to end users as well as define user entitlements, conditional access policies and your organization's tenant information for the app.
Next, lets take a deeper look at the policies which can be applied by app. Navigate to "Identity & Access Management" at the top and choose "Policies" from the grey bar. Here you'll see the default access policy. Choose "default_access_policy_set".
The details page for this policy will display. If this policy had been configured, you would see which apps this policy applies to as well as the primary and failover authentication methods for each device type.
Now let's see how to integrate vIDM with Workspace ONE UEM (formerly VMware AirWatch). From the Administration Console, open the Identity and Access Management tab and click the Setup button at the top right.
Click AirWatch at the right end of the menu bar. Now you can configure the settings for this integration.
For more information on integrating Workspace ONE UEM with VMware Identity Manager, please reference https://docs.vmware.com/en/VMware-Identity-Manager/3.3/idm-administrator.pdf
Section 3: Resetting Tenant Admin Password
If you need to reset your vIDM Sandbox password at any point, you can do so by either of two methods. First, if a user resets their TestDrive AD password, the vIDM tenant password will change too. Second, you can go to Settings within the vIDM User Portal and change it directly.
Note: If you change your password using the vIDM User Portal, please document your new password as it will not update on the TestDrive portal under "Admin Credentials" in the Identity Manager tile.
For the first method, resetting your TestDrive password, start by navigating to the TestDrive portal. Open the dropdown menu in the top right and select 'Change Password'.
For the second method, navigate to the vIDM User Portal and open the Tenant Admin dropdown and click Settings.
From the Account section, you can click the "Change" link next to Password to initiate the process.
For more information on the features of VMware Identity Manager, refer to the full product documentation hosted at https://docs.vmware.com/en/VMware-Identity-Manager/index.html