VMware Cloud Director has a new feature in the 10.4.1 release that gives you the flexibility to change Identity Providers as per your choice and convenience, without removing the resources assigned to the users. VMware Cloud Director supports the Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML) and OpenID Connect (OIDC) protocols for authentication. You can switch between these protocols or migrate to a different identity provider with ease by remapping existing users to their identity in another Identity Provider. This blog demonstrates how to use the user management API to do this.
In addition, VMware Cloud Director has announced the deprecation of support for local users starting with the 10.4.1 release (release notes). VMware Cloud Director’s industry-compliant integrations with external Identity Providers give its customers the benefits of the most modern and secure authentication methods. Customers can use features such as Two Factor Authentication/Multi Factor Authentication, biometric integrations, smart card integrations, etc. with VMware Cloud Director. It also helps customers stay up to date with all future progress in authentication technologies.
The following is an example of remapping a provider (local) user to a SAML identity provider federation. As of VMware Cloud Director 10.4.1, remapping a user is available only as an API feature. Therefore, for all subsequent steps use an API client of your choice. In my examples below, I am using Postman to perform the remapping.
Prerequisite: Make sure the Identity Provider federation to which you want to remap the user is properly configured.
- Log in to VMware Cloud Director as an administrator (tenant or system administrator) and identify the user you want to remap. Here, the user I am remapping is ‘demouser’. This user is a local user.
- Log in using the API as the administrator, using either their credentials (local or LDAP), IDP-issued tokens (SAML or OAuth) or VMware Cloud Director’s API Token.
API: POST “https://api_host/cloudapi/1.0.0/sessions”
- Retrieve the urn id of ‘demouser’ from the query users API.
API: GET “https://api_host/cloudapi/1.0.0/users”
Now, using this urn id, fetch the complete details of the user. Refer to Get User for more insight on this API.
API: GET “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:bafe9a31-1810-4108-8754-3ece52a4e963”
- Copy the complete details of the user from the previous step and edit the following properties for use as the body of the subsequent PUT request.
- Update the ‘username’ to reflect the user’s username in the new Identity Provider. While this example shows a different username being used, simpler updates are also possible, such as switching from username to email address, etc.
- Update the ‘providerType’ based on the type of the new Identity Provider. New values of ‘providerType’ could be OIDC, SAML, LOCAL, LDAP.
Send the PUT request for the user to be remapped. Refer to Update User for more insight on this API.
API: PUT “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:bafe9a31-1810-4108-8754-3ece52a4e963”
The user ‘demouser’ has now been remapped to the tenant’s SAML identity provider and their username has been remapped to ‘[email protected]’.
Users can be remapped from one IDP federation to another using the same process. If you are remapping a user to the ‘LOCAL’ provider type, then in addition to updating the provider type, update the password in the body of the PUT request.
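The GET, edit, PUT sequence described above, written as a Python sketch with a read-back check at the end (an added example, not code from the original post or from VMware). `send` is a hypothetical authenticated HTTP helper you supply; the `values`, `id` and `password` field names and the `1.0.0` path segment are assumptions about the API, and the sample user and new username are constructed.

```python
import copy

PROVIDER_TYPES = {"OIDC", "SAML", "LOCAL", "LDAP"}  # values listed in the post
BASE = "https://api_host/cloudapi/1.0.0"            # api_host is a placeholder


def build_remap_body(user, new_username, provider_type, password=None):
    """Return the PUT body: the full user record with only identity fields changed."""
    if provider_type not in PROVIDER_TYPES:
        raise ValueError(f"unsupported providerType: {provider_type!r}")
    if provider_type == "LOCAL" and not password:
        raise ValueError("remapping to LOCAL also requires a password")
    body = copy.deepcopy(user)       # every other property stays as GET returned it
    body["username"] = new_username
    body["providerType"] = provider_type
    if provider_type == "LOCAL":
        body["password"] = password  # assumed field name for the new password
    return body


def remap_user(send, old_username, new_username, provider_type, password=None):
    """Look up the user, PUT the edited record, then read it back to confirm."""
    listing = send("GET", f"{BASE}/users", None)  # assumed shape: {"values": [...]}
    matches = [u for u in listing["values"] if u["username"] == old_username]
    if len(matches) != 1:            # refuse to guess between zero or several users
        raise LookupError(f"expected one user {old_username!r}, got {len(matches)}")
    url = f"{BASE}/users/{matches[0]['id']}"
    body = build_remap_body(send("GET", url, None), new_username, provider_type, password)
    send("PUT", url, body)
    after = send("GET", url, None)
    if (after["username"], after["providerType"]) != (new_username, provider_type):
        raise RuntimeError("user record does not reflect the requested remap")
    return after


if __name__ == "__main__":
    # Constructed in-memory stand-in for the API so the flow runs offline.
    urn = "urn:vcloud:user:00000000-0000-0000-0000-000000000001"
    db = {urn: {"id": urn, "username": "demouser", "providerType": "LOCAL",
                "fullName": "Demo User"}}

    def fake_send(method, url, body):
        if url.endswith("/users"):
            return {"values": list(db.values())}
        if method == "PUT":
            db[urn] = body
        return db[urn]

    print(remap_user(fake_send, "demouser", "demouser@example.com", "SAML"))
```

Because the body is a copy of the full record with only the identity fields edited, the read-back should differ from the original GET in `username` and `providerType` alone; any other difference is worth investigating before the user logs in through the new provider.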
In the next section of this blog series, we will remap a tenant user.
Check out all of the latest improvements in VMware Cloud Director 10.4.