I want to post this because I've found the documentation and steps very unclear from VMware in regards to this. Say your security policy requires federated identities. Put simply you CANNOT just use a VMware account you create in the cloud; you MUST use your on-prem credentials (we'll use AD in this case). So how do you do that? Well it's a combination of VMware Identity Manager Connector and a VMware Identity Manager* tenant in the cloud.