Embedded vs. Dedicated Identity Broker Deployment Options in VCF9
- William B

- 4 days ago
- 1 min read
With the announcement of the deprecation of VMware Identity Manager (vIDM, formerly known as Workspace One Access), support for vIDM in NSX is also being deprecated.
This is the result of adopting a common infrastructure across all VCF components for single sign-on and for integration with external identity providers, using VMware Identity Broker (vIDB).
vIDM will remain supported in NSX until it is removed in a future release.
Plan the move from vIDM to vIDB / VCF SSO before that removal to avoid disruption.
vIDB replaces the legacy SSO mechanisms such as Enhanced Linked Mode (ELM), which is no longer used in VCF9.X.
When deploying VCF9, you have two options for vIDB: use the broker embedded in vCenter, or deploy a dedicated vIDB instance or cluster.

The main design concerns are that we typically want high availability (HA) for the identity broker services, and that we want to remove vCenter as a single point of failure: with an embedded broker, an offline vCenter prevents logging into VCF with SSO credentials.

The embedded vIDB configuration is best suited to POC or home lab use, since it consumes fewer resources in the Management Domain. Where HA matters and vCenter must not be a single point of failure, a dedicated vIDB cluster is the option that addresses both concerns.



