Contrasting VMware Identity Manager with ADFS

I lost count on how many times I ve been asked by an ADFS customer “Why VMware Identity Manager when I already have ADFS?” Since I ve hear it almost every week, I decided to pen it down. Here I go!

VMware Identity Manager(vIDM) can do many things. It can be your primary IDP for federating web applications or can co-exist with an existing IDP such as ADFS.

Following is how vIDM is different from ADFS and this may help you to decide whether to use vIDM or ADFS as a preferred IDP for future applications or think about migrating your existing ADFS applications to vIDM.

vIDM does much more than Federation

Though the name has “Identity” in it, vIDM does much more than Identity. Some of the key features:

  1. Unified app catalog with native mobile application
  2. Conditional access based on factors like location of user, device compliance checks, application blacklisting and so on.
  3. Built-in 2 factor push authentication.
  4. Single touch mobile SSO.
  5. Integration to VMware AirWatch and Horizon

Support for all application types

all apps.png

Key question to ask yourself:

What types of applications do you have in your environment? Do you have iOS or Android apps? Do you have Horizon or Citrix?

vIDM is focused on building the seamless user experience on desktop and mobile across all applications such as:

  1. internal web applications
  2. SaaS applications such as SAP Concur, O365
  3. virtual desktops and apps based on VMware Horizon
  4. native mobile applications
  5. Citrix

Virtual Desktops, applications and native mobile applications are key use cases for many of VMware’s customer which cannot be federated on ADFS.

vIDM is designed and built for Mobile and Cloud

ADFS is based on native Windows Operating System and Active Directory constructs such as STS (Secure Token Service) and Claim Rules. It is built for native domain joined Windows endpoints such as Windows 7,8. This explains why ADFS does not provide a native mobile experience and lacks native mobile single sign on.

vIDM is a modern Identity Provider designed and built for Mobile and Cloud native applications so that users can use any endpoint (iOS, macOS, non-domain joined Windows, domain-joined Windows) for seamless access on WorkspaceONE app on phone and browser.

Self Service and App Catalog for Presentation

ADFS do not provide a portal or application catalog to be presented to users. Users need to bookmark application URLs to be accessed. This causes inconvenience and adds Level 1 helpdesk tickets. The experience becomes worse when users use different devices where they will need to carry their bookmarks with them across devices.

Workspace ONE is unified catalog of all applications that presents single URL and mobile app for applications.  Find the picture below for a taste of it.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s