Using VMware Identity Manager to transform users between Active Directory domains
I get a lot of questions about how to provide Single Sign-On (SSO) for users between two Active Directories that have no trust between them. Using the federation protocol SAML and VMware Identity Manager, this is easy to achieve.
In my example we have two domains, A and B. Users in Domain A want to access resources in Domain B without being prompted for a username or password.
- You need two VMware Identity Managers, one in each domain.
- Federate the resource (a web server in my example) in Domain B to VMware Identity Manager in Domain B.
- A user object representing the user must exist in both domains. One user attribute must be shared across the two domains. In my example I use the Email attribute. The attribute you choose must uniquely identify the user.
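As an added example (not from the original article or from VMware), here is a pre-flight check over user exports from both domains that verifies the shared Email attribute is populated, unique within each domain, and present on both sides. The account names, addresses and the case-insensitive, whitespace-trimmed comparison are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample exports: (account name, mail attribute) per domain.
DOMAIN_A = [
    ("alice", "Alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
    ("dave", ""),                          # no mail value set
]
DOMAIN_B = [
    ("a.smith", "alice@example.com"),
    ("b.jones", "bob@example.com"),
    ("b.jones-adm", "BOB@example.com "),   # second account, same address
]


def index_by_mail(users):
    """Group accounts by normalized mail; also return accounts with no mail."""
    index, missing = defaultdict(list), []
    for account, mail in users:
        # Assumption: addresses are compared trimmed and case-insensitively.
        key = mail.strip().casefold()
        if key:
            index[key].append(account)
        else:
            missing.append(account)
    return index, missing


def check_mapping(domain_a, domain_b):
    """Report where the shared attribute fails to identify exactly one user."""
    idx_a, missing_a = index_by_mail(domain_a)
    idx_b, missing_b = index_by_mail(domain_b)
    return {
        "missing_mail_a": missing_a,
        "missing_mail_b": missing_b,
        "duplicates_a": {m: a for m, a in idx_a.items() if len(a) > 1},
        "duplicates_b": {m: a for m, a in idx_b.items() if len(a) > 1},
        "no_match_in_b": sorted(m for m in idx_a if m not in idx_b),
        # Safe to map: exactly one account on each side.
        "usable": sorted(m for m, a in idx_a.items()
                         if len(a) == 1 and len(idx_b.get(m, [])) == 1),
    }


if __name__ == "__main__":
    for finding, value in check_mapping(DOMAIN_A, DOMAIN_B).items():
        print(f"{finding}: {value}")
```

Any entry under the duplicate, missing or no-match findings is a user for whom the chosen attribute does not resolve to exactly one account in Domain B, so it should be cleaned up before federation is enabled.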
If your resource is a Windows application, VMware Horizon and the feature TrueSSO can be used to achieve SSO access for Domain A users into a Windows application running in Domain B.
Read the entire article here: Using VMware Identity Manager to transform users between Active Directory domains – Horizon Tech Blog
via the fine folks at VMware!