VMware Horizon VMware Workspace ONE Workspace ONE Access

What’s New in VMware Identity Manager June 2016 Release

We’re excited to announce general availability of following new features to the cloud and on-premises versions of VMware Identity Manager (IDM).

  • VMware Workspace ONE app updates to provide standalone mobile device management (MAM) and adaptive management features
  • One-touch single sign-on (SSO) and device compliance check for Android, Window 10 and Mac operating system (OS) devices
  • VMware Verify built-in, two-factor authentication (available for cloud version only, support for on-premises version coming soon)
  • LDAP Directory support
  • Launch on-premises VMware Horizon View from VMware IDM cloud
  • Simplified outbound-only deployment of the VMware IDM connector (for cloud version)
  • Simplified deployment of Integration Broker for Citrix Integration
  • Additional languages supported

Workspace ONE App Updates

Read this blog post for details on new features added to the app.

VMware Verify Built-In, Two-Factor Authentication

Verify_Logo_540x170Introducing modern two-factor authentication available to all VMware IDM customers for free. Read this blog post for details on this feature.

One-Touch SSO & Device Compliance Check for Android, Window 10 & Mac OS Devices

One Touch SSO policyIn January, we added one-touch SSO and device compliance check for iOS devices. Since, the same technology didn’t apply to other platforms, we had to come up with a different solution based on the type of platform. We’re happy to announce that now you can extend the same convenient access provided by one-touch SSO (password-less sign in) to your Android, Win10 and MacOS users, while ensuring user access is denied from non-compliant devices based on device compliance policies set in VMware AirWatch. The solution for Android works for both Android for Work (AfW) and non-AfW devices.

Here’s a summary of how One Touch SSO works for different platforms.

Platform How one-touch SSO works?
iOS Certificate with Kerberos
Android Certificate with AirWatch Tunnel
Win10 Certificate
MacOS Certificate

LDAP Directory Support

The IDM connector supported Active Directory, but did not support other LDAP directories, such as OpenLDAP. Now, the connector supports any directory with LDAP v2 interface. This supports use cases where employee identities are stored in Active Directory but contractors, partners, and affiliates are stored outside of Active Directory into an LDAP directory, such as OpenLDAP or Oracle Directory Server. IDM can connect to multiple directories from the same cloud tenant or on-premises instance.

Note that if you are using AirWatch integration to synchronize and authenticate users using AirWatch Cloud Connector (ACC), LDAP support was already available. This is for customers who have deployed the IDM connector to integrate with enterprise directory .

Launch On-Premises Horizon View from VMware IDM Cloud

Horizon View from IDM cloud
Adding Horizon View app or desktop

Integration with Horizon View was only supported by on-premises IDM deployments. Now, you can integrate the IDM cloud tenant with Horizon View, allowing Horizon View customers to embrace the cloud for identity management and allow users to launch View apps and desktops from the Workspace ONE app on their devices.

How Does It Work?

The IDM connector (deployed on-premises behind the DMZ) acts as a bridge between the IDM cloud and on-premises Horizon View deployment. The connector synchronizes the View resources and entitlements into the IDM cloud. When a user launches View app or desktop from the Workspace ONE app or portal, a connection with View Connection Server is established to get View resources available on user’s device.

Simplified Outbound-Only Deployment of the VMware IDM Connector

For the IDM cloud version, prior deployment model required VMware IDM connector (deployed on-premise behind the DMZ) to be front-ended by a reverse proxy in the DMZ.

Now, we’ve simplified the deployment requirement, such that the connector no longer requires to be front-ended by reverse proxy in the DMZ. The connector establishes an outbound-only connection (using websockets) with the cloud service, and receives authentication requests over this channel. To use this feature:

  • Upgrade to the latest connector version.
  • Add connector to the Built-in IdP configuration, and enable authentication methods, such as Password (cloud deployment).
  • Add the enabled authentication method to access policies.

Simplified Deployment of Integration Broker for Citrix Integration

VMware IDM Citrix XenApp integration
VMware IDM Citrix XenApp integration

IDM integrates with Citrix for providing SSO access from the Workspace ONE app to Citrix XenApp and XenDesktop. To achieve this integration, customers need to install the VMware-provided “Integration Broker” (an IIS web app). Previously, this component was required to be installed in the DMZ, so that its API accessible by the IDM cloud.

With this release, Integration Broker is no longer required to be deployed in the DMZ. It can be deployed behind the DMZ. API call from the IDM cloud to Integration Broker is now routed through the outbound-only IDM connector, simplifying the overall deployment process.

Additional Languages Supported

With this release, we’ve added support for Spanish, Korean and Taiwanese. Here’s a complete list of supported languages:

  • English
  • French
  • German
  • Spanish
  • Japanese
  • Simplified Chinese
  • Korean
  • Taiwanese