Configuring VMware Identity Manager

Symantec VIP Authentication for VMware Identity Manager

Do you want to integrate 3rd-party identity provider functionality into the VMware Identity Manager authentication workflow? Then you are in luck! Today’s post explains how to enable Symantec VIP authentication for VMware Identity Manager access.


VMware Identity Manager is an Identity as a Service (IDaaS) product offered by VMware. Since it is a stand-alone product, it does not require 3rd-party integrations to authenticate end users. However, integrating a 3rd-party authentication solution with VMware Identity Manager might make sense or be necessary in certain cases. That’s where Symantec Validation and Identity Protection (VIP), a centralized site for managing user credentials, comes into the picture. Integrate Symantec VIP with VMware Identity Manager to implement single or multi-factor authentication into vIDM via Symantec VIP.

Symantec VIP Authentication for VMware Identity Manager Workflows

Prior to attempting integration, it makes sense to review the configuration options. Since there are multiple ways to integrate Symantec VIP with VMware Identity Manager, this post explains two common options.

Single-Factor Authentication with Symantec VIP

This method uses Symantec VIP as the only authentication factor for accessing the VMware Identity Manager portal and its applications.

The workflow begins when an end user first opens the VMware Identity Manager portal. VMware Identity Manager redirects the end user to Symantec VIP, which challenges the user for their credentials. The end user then provides their credentials, which Symantec VIP validates. Post-validation, Symantec VIP redirects the end user to the VMware Identity Manager portal. Once connected to the portal, end users access any managed application through single sign-on.

Multi-Factor Authentication with Symantec VIP

This method uses Symantec VIP as the second authentication factor for accessing the VMware Identity Manager portal or specific applications. Multi-factor authentication is ideal for organizations with complex security requirements.

The workflow begins when an end user first opens the VMware Identity Manager portal. VMware Identity Manager then challenges the user for their credentials. In response to the challenge, the end user provides their credentials. Then, after validating the credentials, VMware Identity Manager redirects the end user to Symantec VIP with a SAML request. Since the SAML request contains a NameID, Symantec VIP uses the NameID to issue an authentication challenge. The end user then responds to the challenge, and Symantec VIP validates their response. Once authentication completes, the end user is redirected to the VMware Identity Manager portal. End users can now access any managed application from the portal through single sign-on.

Want to see the workflow in action? Then check out this VMware Identity Manager + Symantec VIP demo.

Integrate Symantec VIP Authentication for VMware Identity Manager

Once you’ve reviewed the available workflows, determine if you want to use Symantec VIP for single or multi-factor authentication. Once decided, you’re ready to begin integration! Complete the following steps to get started.

1. Obtain the VMware Identity Manager Service Provider Metadata

  1. Open the VMware Identity Manager Administrative Console.
  2. Navigate to Catalog > Settings.
  3. From the menu on the left, select SAML Metadata.
  4. On the Download SAML Certificate window, click Service Provider (SP) Metadata.
  5. Save the file as sp.xml.

2. Download the VMware Identity Manager Signing Certificate

  1. Open the VMware Identity Manager Administrative Console.
  2. Navigate to Catalog > Settings.
  3. From the menu on the left, select SAML Metadata.
  4. On the Download SAML Certificate window, click Download.
  5. Save the file as signingCertificate.cer.

3. Configure Symantec VIP Login

  1. Open the VIP Manager Administrative Console.
  2. Navigate to Policies > VIP Login > Edit.
  3. Next to Import Metadata File, click Choose File.
  4. Select sp.xml.
  5. Next to Verification Certificate, click Choose File.
  6. Select signingCertificate.cer.
  7. Click Save.

4. If Configuring Single-Factor Symantec VIP Authentication, Enable VIP PIN and Set a PIN code.

  1. Open Symantec VIP.
  2. Navigate to Policies > Account > Edit.
  3. Configure the VIP PIN policy settings.
    • Require a minimum number of characters.
    • Set character requirements.
    • Configure an expiration date for the PIN.
    • Set the number of unique PINs required before the user can reuse a PIN.

5. Download Symantec VIP Metadata

  1. Open Symantec VIP.
  2. Navigate to Policies > VIP Login.
  3. Configure single or multi-factor Symantec VIP Authentication for VMware Identity Manager:
    • VIP Login Idp (Second Factor Only) - Download metadata xml to enable multi-factor authentication with Symantec VIP.
    • VIP Login Idp (First and Second Factor) - Download metadata xml to enable single-factor authentication with Symantec VIP.

6. Add Symantec VIP as a 3rd-party IDP in VMware Identity Manager

  1. Open the VMware Identity Manager Administrative Console.
  2. Navigate to Identity & Access Management > Manage > Identity Providers > Add Identity Provider.
  3. Complete the fields to add an identity provider:
    • Identity Provider Metadata - Copy the SAML metadata from the file saved in Step 5.
    • Name ID Format - Appears as urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
    • Name ID Value - Select according to your environment.
    • Name ID Policy in SAML Request - Appears as urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
    • Authentication Method - Select urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport.

7. Define Policy and Policy Rule

Define the policy and policy rule for single or multi-factor Symantec VIP Authentication.

  • Single-factor - Set the first authenticator in the authentication chain to the defined authentication policy.
  • Multi-factor - Set the second authenticator in the authentication chain to the defined authentication policy.

To learn more about configuring policies, refer to the chapter Managing Access Policies in the VMware Identity Management Admin Guide.
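
Once the steps above are complete, the multi-factor flow can be checked from a captured SAMLRequest value. The following Python is an added example, not code from the original post, VMware or Symantec: it decodes the request and confirms it carries a NameID and the NameIDPolicy format shown in step 6. It assumes the request uses the HTTP-Redirect or HTTP-POST binding and conveys the user in a Subject/NameID element; the function names are hypothetical and the host name and user in the sample are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"  # from step 6

def decode_saml_request(param: str) -> ET.Element:
    """Decode a SAMLRequest value (HTTP-Redirect or HTTP-POST binding)."""
    raw = base64.b64decode(unquote(param))
    if not raw.lstrip().startswith(b"<"):
        raw = zlib.decompress(raw, -15)  # Redirect binding: raw DEFLATE, no header
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD in SAML message; refusing to parse")
    return ET.fromstring(raw)

def check_second_factor_request(param: str) -> dict:
    """Report the fields the second-factor flow depends on, plus deviations."""
    root = decode_saml_request(param)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    policy = root.find("samlp:NameIDPolicy", NS)
    out = {
        "issuer": (root.findtext("saml:Issuer", "", NS) or "").strip(),
        "name_id": (name_id.text or "").strip() if name_id is not None else "",
        "policy_format": policy.get("Format") if policy is not None else None,
        "problems": [],
    }
    if not out["name_id"]:
        out["problems"].append("no Subject/NameID: no user for VIP to challenge")
    if out["policy_format"] != UNSPECIFIED:
        out["problems"].append("NameIDPolicy Format differs from step 6")
    return out

def redirect_encode(xml: str) -> str:  # DEFLATE + base64, as the Redirect binding does
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()

# Constructed sample; host name and user are placeholders, not real values.
SAMPLE = redirect_encode(
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">'
    "<saml:Issuer>https://vidm.example.test/sp</saml:Issuer>"
    "<saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>"
    f'<samlp:NameIDPolicy Format="{UNSPECIFIED}"/></samlp:AuthnRequest>'
)
if __name__ == "__main__":
    print(check_second_factor_request(SAMPLE))
```

An empty "problems" list means the request matches the settings from step 6; a missing NameID points back to the Name ID Value field.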

Learn More

  • VMware Identity Manager Documentation
  • VIP Policy Configuration

The post Symantec VIP Authentication for VMware Identity Manager appeared first on VMware End-User Computing Blog.
