VMware Identity Manager integrates with on-premises directory services to let administrators provide user-based access to web, mobile and SaaS applications.
Identity Manager, an identity as a service product, aims to make it easier for administrators to grant users access to the applications and resources they need and, just as importantly, revoke that access when users leave the organization.
Compare both VMware Identity Manager editions
VMware offers two editions of Identity Manager: Standard and Advanced.
The Standard edition comes with the Horizon 6 Application Management Bundle and is available only as an on-premises product; it replaces VMware's Workspace Portal. It provides features such as single sign-on (SSO) identity federation, a third-party authentication broker, and application reporting and analytics.
The Advanced edition builds on the Standard edition with features such as passcode management, device registration and enrollment, remote wipe, one-touch SSO and device configuration. The Advanced edition is included as part of certain VMware AirWatch suites, but it is also available as a stand-alone product, which is not quite as robust as the AirWatch edition.
VMware offers the AirWatch and stand-alone versions of the Advanced edition as either an on-premises product or as a cloud-based service.
Digging deeper into VMware Identity Manager
Identity Manager facilitates mobile and software as a service (SaaS) application access. When admins implement VMware Identity Manager in conjunction with AirWatch, it provides a single infrastructure for managing users across various devices and application types, offering visibility into what users can access and whether sensitive data could be at risk. Identity Manager also optimizes authentication based on device type; for example, it uses platform-specific adapters to authenticate users on Apple iOS and Google Android devices.
Identity Manager supports a wide range of web, native and virtual applications, including VMware ThinApp, Horizon 6 and Citrix XenApp apps. In addition, VMware Identity Manager supports the Security Assertion Markup Language framework, so admins can authenticate users for Box, Salesforce, Google's G Suite and other third-party services.
Enter the self-service app store
The Identity Manager package includes an app store where managed users can access the applications IT has approved for the enterprise. Admins can also deliver specific applications to users by group. The app store provides a responsive HTML5 app launcher that supports any approved device.
The app store can also provide IT teams with analytics that detail what apps users are working with, who is using what apps and how often they use each app. With this information, admins can better determine usage trends, manage licensing and plan capacities.
End users can access the portal from most major browsers, such as Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge and Microsoft Internet Explorer 11, as well as from the native browsers built into Android and iOS devices.
Behind the scenes with VMware Identity Manager
Identity Manager can work with Active Directory or other Lightweight Directory Access Protocol directories, using an on-premises connector that syncs user and group data. In addition, admins can apply conditional access policies by security group, network or authentication strength. Identity Manager can distinguish between managed and unmanaged devices as well as different types of applications, providing controls based on data sensitivity. It also supports multiple identity verification methods, including single-factor authentication and chained, two-factor authentication.
When admins use VMware Identity Manager with AirWatch, it can create device identities that bind with users' identities. In this way, device ownership serves as a factor in the SSO authentication process, even with native mobile apps. Users can log in to their enabled devices and access supported applications without having to enter multiple passwords. The Identity Manager directory stays in sync with the AirWatch users and groups to provide a unified authentication experience.