Hi everyone, in this third part of the VIDM series, I am going to explain the authentication methods that can be configured for intranet users or those who are on the corporate VPN. We will discuss two authentication methods: Password and Kerberos.
Let's discuss Password authentication first. Once you integrate Active Directory, your policy will have Password authentication enabled for all domain users, and users can log in to the VMware Identity Manager portal straight away.
- The default policy should look as shown below.
- Users can log in with their AD credentials.
- The user is able to log in successfully.
- Log in to the VMware Identity Manager admin console, navigate to Dashboard > Reports > Audit Events, and filter Type by Login. It shows that the method used to log in was Password.
Now we will discuss Kerberos authentication, which gives a seamless login and won't prompt end users to enter their credentials. To achieve this, we need to perform the steps described below.
- Log in to VMware Identity Manager and navigate to Identity & Access Management > Setup > Connectors. Click the connector name under the Worker heading.
- Click Auth Adapter and then KerberosIdpAdapter.
- On the adapter config page, select Enable Windows Authentication and click Save.
- You should see a message confirming that the adapter was updated successfully.
Note: You may need to set up Kerberos manually if you get a Kerberos initialization error. Follow this document.
- Navigate to Identity & Access Management > Manage > Identity Provider and verify that Kerberos is available as an Auth Method for WorkspaceIDP.
- Now we have to define a policy that uses Kerberos as the authentication method. Navigate to Identity & Access Management > Manage > Policies. Click Edit Default Policy > Configuration > Edit Policy Rule and select Kerberos from the dropdown list for authenticate using.
- Click Save on all the wizards and test the auth method.
- Log in to any domain-joined Windows machine as a test user. Launch IE/Chrome and access the VMware Identity Manager portal. It will log in automatically if all the configuration is done correctly.
- Log in to the VMware Identity Manager admin console, navigate to Dashboard > Reports > Audit Events, and filter Type by Login. It shows that the method used to log in was Kerberos.
Note: You may need to make certain changes to your browser settings, as mentioned in this article.
Next, in Part 4 of this series, we will talk about configuring access from the intranet as well as the Internet.
Thanks for reading. Let me know your feedback.