What’s New in VMware Identity Manager 19.03
The latest release of VMware Identity Manager is on the shelf! You can see what’s new in VMware Identity Manager 19.03 at:
The new release starts with the new Linux version of the VMware Identity Manager Service Appliance, delivered as an OVA to be deployed on vSphere, as well as a new Windows version of the Windows VMware Identity Manager Connector. The 19.03 release also sports a fresh new date-based versioning method that aligns with related products such as the Workspace ONE UEM console.
In addition, the 19.03 release also includes:
- Added support for TrueSSO Unlock – With 19.03 release, you can now unlock a VDI and RDSH desktop using VMware Identity Manager. Previously, the Active Directory password was the only option. Requirements include VMware Horizon 7.8 and corresponding Agent, and Horizon Client 5.
- Added support for User Identifier in attribute statement – You now have more options for using third-party Identity Providers to authenticate users into VMware Identity Manager. In previous releases, VMware Identity Manager supported user identifier in only the subject statement of the SAML Assertion. Now the attribute statement is supported, as well.
- Added support for network policy for Android SSO – VMware Identity Manager can now read the client source IP when using MobileSSO for Android. Previously, VMware Identity Manager did not have this capability, which meant you couldn’t use different access policies based on network range and MobileSSO for Android.
- Enhanced dashboard – The System Diagnostic Dashboard has more diagnostics that put the health of your VMware Identity Manager implementation at your fingertips. The Dashboard also loads faster because each section loads independently. You can refresh each section independently as well.
- Enhanced Directory Integration – Previously, you had a single connector for directory sync and if it failed, you had to manually promote another to take its place. Now, you can configure multiple connectors to perform directory sync. If a connector fails, VMware Identity Manager automatically detects the failure and switches to the next active connector to continue the directory sync.
- Enhanced time synchronization – You can now use the administration console to change time sync settings, and you are no longer required to use the Linux console to specify an NTP server. The underlying ESXi host is still the default for time synchronization.
- Added Support for PFX Certificates – Certificate files in PFX format are now supported, as well as in PEM format as in previous releases.
- New wizard to configure virtual apps – It’s now easier for you as an administrator to configure virtual appliances with the addition of a wizard. The wizard-based configuration method includes Horizon, Horizon Cloud, and Citrix resources in VMware Identity Manager, and guides you through the process without leaving any gaps.
As well as:
- Workspace One UEM user provisioning – It is now possible to use VMware Identity Manager to provision users into Workspace ONE UEM (previously called AirWatch). The AirWatch Provisioning application, available in the online application catalog, is supported for both cloud and on-premises implementations.
- Enhanced Okta integration – Okta catalog items are now displayed in the app catalog. The integration also supports the password change using the Okta password change engine.
- Added support for mS-DS-ConsistencyGuid – This release now supports the use of mS-DS-ConsistencyGuid instead of ObjectGUID, as recommended by Microsoft, when federating with Office 365.
- Removed embedded Connector – The embedded Connector on the VMware Identity Manager Service has been removed, and you now deploy external Windows-based Connectors.
- Added Connector migration tool – A tool to help migrate from separate Linux Connectors to an external Windows-based Connector is now available, which also works with the migration from embedded Windows and Linux Connectors as well.
- Redesigned certificate authentication service – Certificate-based authentication is now easier. The built-in connector has been removed, and you now use the built-in Identity Provider. You still use a separate port if required by your network topology, which runs on TCP 7443 by default.
For more details