Wednesday 20 March 2019

NSX-T Roles Assignments

You can add, change, and delete role assignments for users or user groups once VMware Identity Manager (vIDM) is integrated with NSX-T.
Prerequisites
Verify that a vIDM host is associated with NSX-T. For more information.

How to Assign NSX-T Roles
1. Add an AD Domain to vIDM
  • Log in to vIDM
  • Identity and Access Management > Directories > Add Directory > Add Active Directory over LDAP/IWA
  • Configure Domain Details > Save and Next
  • Click Next
  • Click Next
  • Search for groups in a specific OU or the complete domain > Click Next
  • Search for the specific users you want to sync > Click Next
  • Click Add Directory > the sync starts
  • To check the sync status, click Refresh Page




2. Create an OAuth Client for NSX Manager in vIDM
  • Catalog > Settings
  • Remote App Access > Create Client
  • Configure the client details > Add > copy the Client ID and Shared Secret (they are needed in step 4)



3. Gather the vIDM Appliance Thumbprint
Log in to the vIDM appliance console
sudo -s
enter the root account password
cd /usr/local/horizon/conf
openssl x509 -in (vidm appliance fqdn)_cert.pem -noout -sha256 -fingerprint
Copy the SHA-256 fingerprint; it is needed in the next step.

4. Integrate vIDM with NSX Manager

Log in to the NSX Manager UI > System > Users > Configuration > Edit > enter the
vIDM appliance FQDN, Client ID, Shared Secret and Thumbprint gathered in the previous steps > click SAVE


5. Assign NSX Roles to AD User
System > Users > Role Assignments > Search User > Select Role > Add
NSX-T has the following built-in roles. You cannot add any new roles.
  1. Enterprise Administrator
  2. Auditor
  3. Network Engineer
  4. Network Operations
  5. Security Engineer
  6. Security Operations
  7. Cloud Service Administrator
  8. Cloud Service Auditor
  9. Load Balancer Administrator
  10. Load Balancer Auditor
Cloud Service Roles are available only when you have NSX Cloud.

After an Active Directory (AD) user is assigned a role, if the username is changed on the AD server, you need to assign the role again using the new username.

For more information about roles, see the NSX-T documentation.



6. Verify the role assignment
Log out of the current user > log in as the newly assigned user to confirm the role assignment works as expected
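The thumbprint from step 3 is what NSX Manager uses to pin the vIDM certificate in step 4, so it must match the certificate the vIDM FQDN actually presents over TLS (a load balancer or a replaced certificate in front of the appliance will cause a mismatch). The script below is an added example, not from the original post or from VMware; it assumes the thumbprint NSX-T expects is the SHA-256 fingerprint in the colon-separated hex form that openssl prints, and the hostname vidm.example.local in the usage comment is a placeholder.

```python
"""Cross-check the vIDM certificate thumbprint before pasting it into NSX Manager."""
import hashlib
import ssl


def fingerprint_from_der(der: bytes) -> str:
    """SHA-256 of a DER-encoded certificate as AA:BB:...:ZZ (openssl style)."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_openssl_fingerprint(line: str) -> str:
    """Return the hex part of a 'SHA256 Fingerprint=AA:BB:...' line, as printed
    by 'openssl x509 -noout -sha256 -fingerprint' on the appliance (step 3)."""
    if "=" not in line:
        raise ValueError("not an openssl fingerprint line: %r" % line)
    return line.split("=", 1)[1].strip()


def normalize(fp: str) -> str:
    """Drop colons, spaces and case so equivalent spellings compare equal."""
    return "".join(ch for ch in fp if ch not in ": ").lower()


def thumbprints_match(a: str, b: str) -> bool:
    """True only for two well-formed (32-byte) SHA-256 thumbprints that agree."""
    na, nb = normalize(a), normalize(b)
    return len(na) == 64 and na == nb


def live_thumbprint(fqdn: str, port: int = 443) -> str:
    """Fetch the certificate the vIDM FQDN presents (the one NSX Manager will see
    in step 4) and return its SHA-256 thumbprint. Needs network access."""
    pem = ssl.get_server_certificate((fqdn, port))  # no chain validation: self-signed is fine here
    return fingerprint_from_der(ssl.PEM_cert_to_DER_cert(pem))


if __name__ == "__main__":
    import sys
    # usage: python vidm_thumbprint.py vidm.example.local "SHA256 Fingerprint=AA:BB:..."
    fqdn, appliance_line = sys.argv[1], sys.argv[2]
    seen = live_thumbprint(fqdn)
    print("presented over TLS :", seen)
    if thumbprints_match(seen, parse_openssl_fingerprint(appliance_line)):
        print("OK: appliance thumbprint matches what NSX Manager will see")
    else:
        print("MISMATCH: a different certificate is in front of vIDM; resolve before step 4")
```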



