Configuring Certificate (Cloud Deployment) Authentication Method

April 15, 2019

Configuring Certificate (Cloud Deployment) Authentication Method

The 19.03 release of VMware Identify Manager brings many advantageous changes, not the least of which is the Certificate (Cloud Deployment) authentication method.

You can see the Certificate (Cloud Deployment) in action at:

The embedded connector that was originally used for certificate-based authentication has been removed. The new method—Certificate (Cloud Deployment)—is easier to set up and now performs certificate-based authentication in the DMZ. Contrary to its name, it does not use cloud services! It runs in outbound mode, which means your clients communicate with the services, not with the connector. You are not required to use a separate port, but if your network design calls for it, you can. By default, this port is 7443.

The Certificate (Cloud Deployment) is easy to activate. Just pop open your VMware Identity Manager, navigate to Identity & Access Management > Authentication Methods, and select the Certificate (Cloud Deployment). You enable the Certificate Adapter, and then select a root CA certificate and any intermediate certificates.

The Certificate (Cloud Deployment) window contains a variety of parameters which you can tweak or accept their default values. For example, you can determine how the user is identified in the user certificate, how to check for revocation, and more.

And verifying that your new authentication method is activated properly is just as easy. Simply review the details window of the built-in Certificate (Cloud Deployment). You should also edit your access policy to use the new built-in Certificate (Cloud Deployment) authentication method. Now, if you do not redirect users to a separate FQDN and port, you are finished.

On the other hand, if you want to redirect users to a separate FQDN and port, then you have a few more steps ahead of you. If you change the FQDN you need to upload a separate certificate to be used, plus the private key of the certificate. You also need to configure the redirection settings.

For more details

You can see these enhancements in action and how the configuration is done in the Certificate (Cloud Deployment) video mentioned above. For more information, see VMware Identity Manager 19.03 Release Notes.


Filter Tags

Workspace ONE Workspace ONE Access Blog Announcement Overview