10views
In Part 3 of the VCF 9 SSO series, we’ll be integrating VCF Operations, Logs and Automation with the Identity Broker.
First up – Operations.
Log into Operations as the Local Administrator, browse to Fleet Management/Identity and Access. Click on Operations appliance.
Click Continue and then we can select the Identity Broker cluster.
We’ll get the warning for the role mapping requirement:
Confirm and Continue.
Now we can set a role mapping from the SSO Source. Click Administration/Control Panel/Access Control/User Groups.
Click Import from Source
Add the group and click Finish.
Then Edit the group and assign the Administrator role for All Objects.
Click Save, and we’re finished with Operations.
Next up – Automation.
The first step is the same as Operations – go back to Fleet Management / Identity and Access, select automation appliance and “Configure”
We get the same warning again about Role Mappings.
The link in the above warning will open the automation console for you, open it in a new tab and log in with the built-in admin account.
In the left panel, click Access Control, then groups. Import Groups.
Add the AD Group name, and assign the role then click save. That’s Automation finished!
Lastly – we’ll configure Logs.
Go back to Fleet Management / Identity and Access. Select “VCF Other Components” and then click Continue.
We’ll be prompted with the following. Add the name for the client, and click “Generate OIDC Client”.
Now log into Logs as the local admin, browse to Configuration then Authentication. Click Edit on the VCF SSO section.
Copy and Paste the values from the OIDC Client and click Test Connection.
Accept the SSL Cert.
And now we should see a “Success” notification.
Click Save and we will see that VCF SSO is enabled.
Remember to go back to Operations and click Save on the new client.
I also had to edit the client to fix the URIs. By default these were configured with the IP address, but I updated to the FQDNs.
Now we can add a role mapping. Browse to Management / Access Control.
Click New Group and fill the details.
Click Save.
And that’s it, we’re done! Active Directory SSO has now been configured for Operations, Automation and Logs.
add a comment
VCF 9 – Deploy VCF Operations for Logs
In this blog post, we’ll be deploying VCF Operations for Logs. Deploying Operations for Logs in VMware Cloud Foundation allows...
vSphere 8 to VCF 9 Upgrade Process
For this example, we’ll be showing how to upgrade/converge a basic vSphere 8 environment without VCF to VCF 9. First,...
VCF 9 – Enable and Configure SSO Part 2 (vCenter / NSX)
In Part 1, I showed how to connect the Identity Broker to your Active Directory. In Part 2 we’ll be configuring the role mappings in vCenter and NSX. First, we need to link the products to the SSO Provider. Click “Edit” and we can select the NSX Manager and vCenters to enable. Note the warning at the top regarding ELM. Enhanced Linked Mode is going away in VCF 9, and there will be a procedure to unlink your vCenters for Brownfield environments. When you click configure you’ll get a warning....
VCF 9 – Enable and Configure SSO Part 1 (Active Directory)
Today we’re going to be going through the steps of configuring SSO across the VCF components and integrating with Active...
