Identity Manager is an Identity as a Service (IDaaS) offering, providing application provisioning, self-service catalog, conditional access controls and Single Sign-On (SSO) for SaaS, web, cloud and native mobile applications.
Workspace ONE Application
- Workspace ONE app delivering internal enterprise mobile apps to unmanaged devicesYou can use the Workspace ONE app to distribute public mobile applications and internal enterprise mobile apps to unmanaged devices through the Workspace ONE app catalog. This allows you to create a private app store to distribute all types of apps through Workspace ONE. The internal app does not have to use the AirWatch SDK. If it uses the AirWatch SDK, you can remote wipe the data from these apps when the user leaves the company or the device goes out-of-compliance (such as jail broken).
- Workspace ONE app providing Adaptive Management for Android devicesNow your Android users (both with legacy Android and Android for Work capable devices) can enjoy the benefits of adaptive management. Users can download the Workspace ONE app from the Google Play Store and start using the app in standalone Mobile Application Management (MAM) mode. They can progress to OS MAM when an application with a lock icon in the catalog is selected for installation. Once, the user enrolls the device into OS MAM, the lock icon goes away. The user can now install all the apps from the catalog. Users no longer have to install AirWatch agent on their Android devices to get their devices enrolled into OS MAM.
- Open Web app in VMware BrowserNow you can force the launch of certain Web apps through VMware Browser instead of through the system browser when the Web app is launched through the Workspace ONE app. You can control this setting on a per-app basis. VMware Browser is a secure browser which provides IT unparalleled control over browser cache, such as remote wiping the cache when the user leaves the company or a device goes out-of-compliance. Requires Workspace ONE app v2.2.
Authentication and Access
- VMware Verify two-factor authentication for on-premise deploymentsNow you can use VMware Verify two-factor authentication with your VMware Identity Manager on-premise deployment. This feature was available only for the VMware Identity Manager cloud previously. The VMware Verify authentication method provides two-factor authentication at login time or step-up authentication post-login when a user accesses a critical app from the launcher. VMware Verify supports convenient push authentication from smart phones or time based one-time password (TOTP) authentication when the device is offline, or SMS passcode for flip phones.
- Conditional access for Horizon and Citrix appsConditional access policies that were available for Web apps can now be applied to Horizon and Citrix apps. With this feature, you can take actions such as block, allow, or step-up authenticate users based on conditions such as the network, device type or AirWatch device enrollment and compliant status to access these applications.
- Conditional access for local usersUsers created locally in VMware Identity Manager can now participate in conditional access policies. This allows you to take actions such as block, allow, or step-up authenticate local users based on conditions such as network, device type, AirWatch device enrollment and compliant status, or application being accessed.
- How-to guide for adding conditional access to your internal apps using OAuth2.0Workspace ONE includes an OAuth 2.0 server that can be used to add authentication and conditional access to your internal enterprise modern apps, such as adding mobile SSO or device compliance check at login time. Refer to these how-to guides and sample app to learn more.
- Self-service Active Directory change passwordWorkspace ONE users can change their Active Directory password anytime from their account settings page. Also, if the Active Directory password expired, the next time users log in to Workspace ONE, they are asked to change their password. This feature is an optional features and requires VMware Identity Manager 2.8 and VMware Identity Manager Connector 2016.11.1 or above to connect to Active Directory.
- Workspace ONE Getting Started wizard in AirWatch consoleIf you are an existing AirWatch customer, enabling the Workspace ONE app has become even simpler. Walkthrough the getting started wizard in the AirWatch admin console, and you are ready to log in to the Workspace ONE app with VMware Identity Manager configured behind the scenes.
- Local directories and users
Create and manage multiple local directories each with its own user schema. For example, you can create a directory for contractors and another one for partners. No need to manage users and groups in Active Directory or LDAP. Use VMware Identity Manager to manage the complete lifecycle (create, update, delete) for the user, including password management, and entitle local users to applications.
- User provisioning to Office 365 and Google AppsCreate, update, and deactivate user accounts in Office 365 and Google Apps when users are assigned or unassigned to these apps. When a user leaves the company, you no longer have to go into the Office 365 or Google Apps admin console to deactivate the user. It can be automated through Workspace ONE. Both local and Active Directory/LDAP users are supported.
- External approval support for Horizon & Citrix appsWorkspace ONE allows for self-service access request for Web applications through external workflow engines. Self-service access request is now available with Horizon and Citrix apps.
- Support for on-premises approval workflow systemsApproval workflow systems which are in on-premises data centers and not accessible from the VMware Identity Manager Cloud can now be integrated through the VMware Identity Manager connector. The VMware Identity Manager connector can route approval request message from the VMware Identity Manager Cloud service to an on-premises approval application and communicate back the response message.
- Microsoft SQL server 2016 supportedWith this release, the Microsoft SQL server 2016 database can be used with VMware Identity Manager, including the Always ON functionality.