Monday, 6 June 2016

Active Directory Integration with Directories Management through VMware vRA 7 vIDM

In VMware vRA 7, you cannot assign the tenant admin and infra admin roles to domain users at the time of tenant creation. You can assign these roles only to local users, which can be created while creating the tenant. After that, you need to log in to that tenant's URL as the tenant administrator and integrate Active Directory so that these roles can be assigned to domain users. You must use the Directories Management feature to configure a link to Active Directory to support user authentication for all tenants, and select the users and groups to sync with the Directories Management directory.
There are two Active Directory connection options: Active Directory over LDAP, and Active Directory (Integrated Windows Authentication). An Active Directory over LDAP connection supports DNS Service Location lookup by default. With Active Directory (Integrated Windows Authentication), you configure the domain to join.

Prerequisites
■ Connector installed and the activation code activated.
■ Select the required default attributes and add additional attributes on the User Attributes page.
■ List of the Active Directory groups and users to sync from Active Directory.
■ For Active Directory over LDAP, information required includes the Base DN, Bind DN, and Bind DN password.
■ For Active Directory (Integrated Windows Authentication), the information required includes the domain's Bind user UPN address and password.
■ If Active Directory is accessed over SSL, a copy of the SSL certificate is required.
■ For Active Directory (Integrated Windows Authentication), when you have multi-forest Active Directory configured and the Domain Local group contains members from domains in different forests, make sure that the Bind user is added to the Administrators group of the domain in which the Domain Local group resides. If this is not done, these members will be missing from the Domain Local group.
■ Log in to the vRealize Automation console as a tenant administrator.

Step by Step of Active Directory Integration with Directories Management through VMware vRA 7 vIDM

1. Log in as a user with the Tenant Administrator role > Administration Tab > Directories Management > Directories > Add Directory > Provide the details required for your environment > Click on Save and Next


2. Verify that the domain name is selected (it must be selected) > Click on Next



3. Verify that the user attributes are mapped to the correct Active Directory attributes. If they are not, map them correctly > Click on Next


4. Add Group DNs to Search > Click on Find Groups


5. Click on Select to add the users that were found through the DNs


6. Select the appropriate groups > Click on Save


7. Click on Next


8. Enter the User DNs to Search > Click on Save


9. Review the changes, such as the users/groups that will be added, removed or updated > Click on Sync Directory.
Note: If you want to modify the sync interval, click on the Edit option.


10. Sync has been started. Once completed you can use these users and groups to assign various roles in vRA.


Now I can use these users and groups to assign various roles in VMware vRA 7.
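Before starting the wizard, the Base DN, Bind DN and the group and user DNs entered in steps 4 and 8 can be checked offline for typos. The script below is an added example, not part of the original post or of VMware's tooling; the function names and every DN in it are constructed, and the rule that each search DN should sit under the Base DN is an assumption of the example.

```python
def split_dn(dn):
    """Split a DN into normalised 'attr=value' RDNs, honouring backslash escapes."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair, so "\," stays in the value
            i += 2
        elif dn[i] == ",":
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part.strip()!r}")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def is_under(dn, base_dn):
    """True if dn equals base_dn or sits below it (compared RDN by RDN)."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def preflight(base_dn, bind_dn, search_dns):
    """Return (dn, problem) findings; an empty list means nothing was flagged."""
    split_dn(base_dn)                   # raises ValueError if the Base DN itself is malformed
    findings = []
    for kind, dn in [("bind", bind_dn)] + [("search", s) for s in search_dns]:
        try:
            inside = is_under(dn, base_dn)
        except ValueError as err:
            findings.append((dn, str(err)))
            continue
        if kind == "search" and not inside:   # assumption: search DNs belong under the Base DN
            findings.append((dn, "outside Base DN"))
    return findings

# Constructed sample values, not taken from any real directory.
BASE_DN = "DC=corp,DC=example,DC=com"
BIND_DN = "CN=svc-vra-bind,OU=Service Accounts,DC=corp,DC=example,DC=com"
SEARCH_DNS = ["OU=vRA Groups,DC=corp,DC=example,DC=com",
              r"ou=Users\, Contractors,dc=corp,dc=example,dc=com",   # escaped comma in the value
              "OU=Groups,DC=lab,DC=example,DC=com",                   # different domain component
              "OU=vRA Groups,corp,DC=example,DC=com"]                 # "DC=" missing

if __name__ == "__main__":
    for dn, problem in preflight(BASE_DN, BIND_DN, SEARCH_DNS):
        print(f"{problem}: {dn}")
```

The comparison is done RDN by RDN and case-insensitively, so an escaped comma inside an OU name is not mistaken for a separator.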

Some Useful Links for vIDM:-
http://blogs.vmware.com/management/2016/02/identity-management-vrealize-automation-7.html
VMware Documentation