Thincomputing.net
15Dec/150

What’s New in VMware Identity Manager, Cloud – November 2015 Release

This article covers what's new in the November release of one of the lesser known pieces of VMware's EUC proposition: VMware Identity Manager.

Windows 10 and Mac OS X Access Policies

VMware Identity Manager provides a conditional access policy engine you can use to apply different authentication methods based on the user’s device, network (location), and application. With this new release, you can apply different authentication policies if the device type is Windows 10 or Mac OS X, in addition to the previous iOS, Android, Web browser, and all other devices. If a particular device type such as Windows 10 is selected, then all authentication requests coming from that device, including native applications and browsers, use this policy.

To access conditional access policies, from the Administration console, click the Identity & Access Management tab, and click Policies.

Edit_Policy_Rule_Window

Figure 1: Edit Policy Rule Window

Custom Access Policy Error Message

Now administrators can set a customized error message that displays to the user when the access policy fails. You can display a customized message that guides users through enrolling a device when they access a managed application from un-enrolled devices.

Figure 2 shows how the administrator can set up the customized error message.

Custom_Error_Message

Figure 2: Setting Up a Customized Error Message

After you customize the error message, the end user sees the message on their device, as shown in Figure 3.

Customized_Error_Message
Figure 3: Customized Error Message

Single Sign-On with Safari View Controller on iOS and with Chrome Custom Tabs on Android

With iOS 9, Apple added a new Safari View Controller class for developers to use in applications for browser access, instead of embedded WebView. Similarly, Google added the new Chrome Custom tabs feature for browser access in Android applications, instead of using WebView. Both of these capabilities allow users to sign in once to the device, and then achieve single sign-on between the system browser and native applications using either Safari View Controller or Chrome Custom tabs, respectively. To use this feature, enable the Persistent Cookies for User Sessions check box as shown in Figure 4. The cookie time-out can be adjusted from the Access Policy Rule definition accessible from theIdentity & Access Management tab, then Manage, and Policies. Follow the steps as presented in the following figure.

Setting_Up_Single_Sign_On

Figure 4: Setting Up Single Sign-On

  1. From the Identity & Access Management tab, click the Setup button.
  2. Click the Preferences tab.
  3. For Persistent Cookie for User Sessions, select Enable Persistent Cookie.

Same User Name and Group Name Now Allowed in Multiple Domains

An important feature of VMware Identity Manager is that you can abstract multiple Active Directory (AD) instances within an enterprise to create a single point of policy management. In the past if you had multiple ADs connected to a single VMware Identity Manager tenant, you were not able to synchronize users with the same user name across multiple ADs because they were treated as duplicates. Now you can synchronize those users because we have updated the user uniqueness rule to be a combination of user name plus domain name. This allows a user name such as Administrator to have both an AD account in multiple AD domains as well as a local user account in VMware Identity Manager. Similarly, now you can have the same group name synchronized into VMware Identity Manager from multiple AD domains, or create a local group with the same name.

Source: https://blogs.vmware.com/euc/2015/12/identity-manager-cloud-whats-new-november-2015.html

Filed under: News Leave a comment
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

No trackbacks yet.