Impact of Day 2 on User Authentication and Identity in VMware Cloud Services

Article ID: 366903

Products

Support Portal

Issue/Introduction

The authentication systems currently used by VMware are being migrated to Broadcom. There are two types of authentication systems: federated and non-federated. Your experience will vary depending on the type of user authentication flow you have provisioned at cloud.console.vmware

You are considered a federated user if you use corporate credentials to log in to the VMware Cloud Services console.

You are considered a non-federated user if you use a VMware ID to log in to the VMware Cloud Services console.

Resolution

Implications on User Authentication Flow

On May 6th, there is NO impact to federated users. Federated users can continue to log in and access VMware Cloud Services as usual. If you had a VMware ID account that you used to log in to Customer Connect for support requests or license entitlements, you need to follow the Broadcom Account activation steps to access the Broadcom Support Portal.

On May 6th, if you are a non-federated user, there WILL be an impact to your user login flow. You must complete the Broadcom Account Activation procedure to log in starting May 6th.

Read the FAQs below to understand the various scenarios and the actions you need to take.

 

FAQs for Federated Users (Using Corporate Credentials to Log In)

Q: What are the different ways in which I can federate my Identity Provider with VMware Cloud Services?

There are three types of federated customers: 

  • Type #1 - Pure Connector-less customers: You rely on the SAML authentication protocol using third-party Identity Providers like Okta, PingFederate, etc., and Just-In-Time (JIT) for user group provisioning.
  • Type #2 - Connector-less for Authentication and Connector for Users and Group provisioning: You rely on the SAML authentication protocol using third-party Identity Providers like Okta, PingFederate, etc., and a connector (connecting to your directory services) for user group provisioning.
  • Type #3 - Pure Connector customers: You rely on a connector for both authentication and user group provisioning.

 

Q: How do I identify which type of federated customer I am?

The federation administrator or the organization owner who completed the SSO setup knows which type of federation is in use: Type #1, Type #2 or Type #3 as described above.

 

Q: How is the login to VMware Cloud Services impacted with this change? 

There is no impact on federated customers on or after May 6th. The migration of federated accounts to the Broadcom Identity Provider is scheduled to take place in multiple phases until the end of this year.

If you are a Type #1 (pure connector-less) customer, starting May 1st, 2024, you will receive detailed instructions on the steps you need to take as an Identity Provider (IdP) Administrator to point your Identity Provider to the migrated system. Until that change, your logins will continue to work as before.

 

Q: I’m a Type #1 - pure connector-less customer. I have still not received my email with instructions to migrate.

The migration is occurring in phases until the end of this year. We will reach out to you with instructions within the next 4-6 months. You can use this time to plan this migration. Once you receive the instructions, you will have ample time to migrate the authentication application used in your IdP.

 

Q: I’m a Type #2 - connector only for user and group provisioning. When will I receive the email, and what are my timelines? 

The recommendation for Type #2 customers is to transition to Type #1, completely relying on a connectorless approach for both authentication and user-group provisioning. If you would like to make this change, please reach out to Broadcom Support after July 2024. We will assist you in this process.

However, if you are unable to make this switch, there is no action required from your end until you receive further notice.

 

Q: I’m a Type #3 - pure connector customer. When will I receive the email, and what are my timelines?

The timeline for migrating pure connector-based customers has not yet been determined. The recommendation for Type #3 customers is to transition to Type #1, completely relying on a connectorless approach for both authentication and user-group provisioning. If you would like to make this change, please reach out to Broadcom Support after July 2024.

However, if you are unable to make this switch, there is no action required from your end until you receive further notice.

 

Q: I am currently a non-federated customer, but I would like to federate my Identity Provider with VMware Cloud Services. How and when can I accomplish this?

VMware Cloud Services no longer supports the Self-Service Federation setup. Currently, we are not allowing new federations to be established until we complete the migration to Broadcom systems. However, we recognize that compliance may be a concern for you. In such cases, please reach out to Broadcom Support, and we will assist you in any way possible.

 

FAQs for Non-Federated Users (Using VMware ID to Log In)

Q: How is the login to VMware Cloud Services impacted with this change? 

All VMware accounts are being migrated to Broadcom's Identity Provider. Your VMware account will stop working on May 6, 2024. This means that you must activate your Broadcom account and update your profile information before you can log in using your VMware ID to VMware Cloud Services. You will receive an email from [email protected] with detailed instructions on how to activate your Broadcom account. 

 

Q: I’m a non-federated user, and I have activated my Broadcom account. I have 2 passwords now. Which one should I use? 

Until May 5th: Continue using your VMware ID password to log in to the VMware Cloud Services console.

Starting May 6th: Use the latest password that you configured during the Broadcom Account Activation process to log in to the VMware Cloud Services console.

 

Q: What are the instructions regarding the Broadcom Account Activation that I will be receiving via email from Broadcom?

Refer to this to understand the list of steps you need to follow to activate your Broadcom Account.   

 

Q: I did not receive any email from Broadcom about account activation. What should I do? 

The emails from Broadcom are being sent out in phases starting April 29th, 2024. If you haven’t received an email even after May 4th, 2024, it could be because of one of the following reasons: 

  1. You didn’t have a VMware ID account. You were using your corporate credentials to log in to VMware Cloud Services. You can continue to use the same.
  2. You had a VMware ID account, but haven’t used it to log in since Jan 2023. Your account was not migrated as you were considered an inactive user. If you would like to access VMware Cloud Services using this account, follow this KB article.

If you were using an active VMware ID account and still haven’t received the email, reach out to Broadcom Support for assistance.

 

Q: Why am I not able to log in to VMware Cloud Services?

If you are using VMware ID to log in, please ensure you have completed all the steps as instructed in the email sent out by Broadcom.

If you have completed all the steps successfully and you are still unable to log in, reach out to Broadcom Support for assistance.

 

Q: I was using multi-factor authentication (MFA) in VMware Cloud Services. How am I impacted?

If you are a VMware ID user and you have enabled the organization-level MFA mandate in the CSP Authentication Policy, you WILL be impacted. Federated accounts using MFA as part of their IdP’s authentication process will NOT be affected by these changes to VMware Customer Connect accounts.

 

After April 30, MFA functionality for customers using Customer Connect to log in will change. The organization-level policy will be removed from the CSP portal, after which multi-factor authentication configuration and modification will be disabled: you cannot create new MFA configurations or modify existing MFA configurations in CSP.

  • Organization-level MFA policy in the authentication policy page will be disabled.
  • MFA configuration in My Account will be disabled.
  • Customer Connect accounts for which MFA was enabled will work as usual, and their users will be prompted for an MFA passcode until the end of the transition period to Broadcom Okta on May 6.

 

After May 6, all MFA functionality will rely on the Broadcom account MFA support.

  • MFA setup will be done as part of the Password Reset process by Broadcom. Refer to this for more information. 
  • Not all users will be prompted to enroll for MFA. If some users have not been prompted for MFA, it means these users are not part of the Broadcom site. Refer to this KB to add users to the site. 
  • Existing MFA on VMware Customer Connect accounts will no longer be used.
  • Only MFA configured on Broadcom accounts will be in effect.

Q: I am currently a non-federated customer, but I would like to federate my Identity Provider with VMware Cloud Services. How and when can I accomplish this?

VMware Cloud Services no longer supports the Self-Service Federation setup. Currently, we are not allowing new federations to be established until we complete the migration to Broadcom systems. However, we recognize that compliance may be a concern for you. In such cases, please reach out to Broadcom Support, and we will assist you in any way possible.