VMware Identity Manager 19.03: What’s New

Hi, my name is Peter Björk and I’m a Senior Staff Architect within the End-user Computing Technical Marketing department at VMware. In this video I will walk you through some of the highlights of the VMware Identity Manager 19.03 release. Throughout this video you will see pop-ups. These will tell you that there is a separate video explaining the feature more in-depth. If you click on the pop-up, the deep dive video will load in a separate tab in your browser.
This way you can finish watching this video and later watch the more in-depth content. But before we start, let’s have a look at the new versioning and what deliverables are included in this release.

With this new release we have changed the versioning of VMware Identity Manager. The previous version was version 3.3; now we release version 19.03. The reason for this new versioning is to better align with adjacent products such as the Workspace ONE UEM console and to provide more logical versioning based on year and month.

From an on-premises point of view, the two main deliverables in this release are the Linux version of the VMware Identity Manager Service appliance and the Windows version of the connector. We also release a Windows version of the Service, but for an on-premises deployment it is highly recommended to use the Linux Service appliance and the Windows connector moving forward.

In this video I will cover these features and enhancements. For a full list, please refer to the release notes.

In 19.03 we enhanced the support for the VMware Horizon feature called TrueSSO. It is now possible to unlock a VDI or an RDSH desktop using VMware Identity Manager authentication methods. Previously the users could only unlock their resource using their Active Directory password. Please note that the unlock flow sends a reauthentication request to the VMware Identity Manager, so users will be prompted for authentication even if they happen to have a valid session with the VMware Identity Manager. The TrueSSO unlock feature requires VMware Horizon version 7.8 and the corresponding agent. It also requires the Horizon client version 5.

We have enhanced our third-party identity provider capabilities, in other words, when using another identity provider to authenticate users into VMware Identity Manager. We have added support for the user identifier sent in an inbound SAML assertion to be either sent in the subject or the attribute statement. Previously we only supported getting the user identifier from the subject section of the SAML assertion.

Historically, VMware Identity Manager couldn’t see the Android device source IP when using MobileSSO for Android. Therefore, differentiating the MobileSSO for Android authentication policy depending on network range wasn’t possible. Now the client source IP is readable by VMware Identity Manager also when using MobileSSO for Android. A typical use case could be that you want to prompt for only MobileSSO for internal devices but combine MobileSSO and VMware Verify or any other MFA authentication for devices connecting from the Internet.

In 19.03 we changed how the system diagnostic dashboard loads. Now each section loads independently. You can also refresh each section by itself.
We’ve added more diagnostics as well. This way it is easier for an administrator to keep an eye on the health of their VMware Identity Manager implementation.

In previous versions we supported one connector configured for directory sync. If that connector went down, an administrator had to manually promote another connector for directory sync. In this release we allow for the administrator to configure multiple connectors for directory sync. VMware Identity Manager service will automatically recognize if a connector is down and use the next connector in the list to perform directory sync.

We now expose specifying a time sync server directly in the admin UI. While it was possible to specify an NTP server before, you had to do all the settings using the Linux console. Now it’s much easier for an administrator to change time sync settings. The default is still to rely on the underlying ESXi host for time synchronization.

Another enhancement for the administrators is the fact that we now support PFX certificate files. Before, we only supported PEM certificate files.

We changed the administrator’s experience adding Horizon, Horizon Cloud and Citrix resources into VMware Identity Manager. Now it is all wizard based and guides the administrator through the process. As an example, the network ranges are now a part of the flow. Configuring network ranges was previously often something that was forgotten, but with this change it should be easier to remember configuring it.
With this new wizard UI, the virtual app collection can be configured directly from within the Workspace ONE UEM console.

VMware Identity Manager can provision users into Workspace ONE UEM. The provisioning of users is done using the SCIM protocol. With version 19.03 the AirWatch provisioning application is now supported for both cloud and on-premises implementations. You find the AirWatch provisioning application in the online application catalog.

We added further integration with Okta. We now support displaying Okta catalogue items in the portal. We also integrated with the Okta password rules engine, so a user can use the change password dialog box from within Identity Manager but the change is performed by Okta.

Microsoft recommends using the mS-DS-ConsistencyGuid instead of the objectGUID when federating to Office 365. With VMware Identity Manager version 19.03 we now support using mS-DS-ConsistencyGuid when federating with Office 365.

With the end-of-life of the VMware Identity Manager connector running on Linux, we also got rid of the embedded connector on the VMware Identity Manager Service.
Moving forward, you must deploy an external Windows-based connector. We offer a migration tool helping you migrate from a separate Linux connector as well as the Windows and Linux embedded connectors to an external Windows-based connector.

In previous versions we made use of the built-in connector running on the Service to perform certificate-based authentication in the DMZ. Now, since the connector is gone, we added a certificate-based authentication to the service built-in identity provider. The benefit with this is much simplified setup of certificate-based authentication. We can still use a separate port to perform certificate-based authentication if your network topology requires so. By default this port is running on TCP 7443.

With that, I thank you for watching this video and I hope you found it informative. To learn more, please visit https://techzone.vmware.com
