In the previous blog we remapped a provider (local) user to a SAML identity provider federation. In this blog we will remap a tenant (local) user to a SAML identity provider federation.
As of VCD 10.4.1, remapping a user is available only as an API feature. So, for all subsequent steps, use an API client of your choice. In my examples below, I am using Postman to perform the remapping.
Prerequisite: Make sure the Identity Provider federation to which you want to remap the user is correctly configured.
- Log in to VMware Cloud Director as an administrator (tenant or system administrator) and identify the user you want to remap. Here, the user I am remapping is ‘testuser’. This user is a local user and owns one vApp named ‘Testuser vApp’ (as shown below).
- Log in using the API as the administrator, using either their credentials (local or LDAP), IDP-issued tokens (SAML or OAuth) or VCD’s API token.
API: POST “https://api_host/cloudapi/1.0.0/sessions”
- Retrieve the URN id of ‘testuser’ from the query users API.
API: GET “https://api_host/cloudapi/1.0.0/users”
Now, using this URN id, fetch the complete information of the user. Refer to Get User.
API: GET “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c”
- Copy the complete information of the user from the previous step and edit the following properties for use as the body of the subsequent PUT request.
- Update the ‘username’ to reflect the user’s username in the new Identity Provider. Although this example shows a different username being used, it is possible to have simpler updates such as switching from username to email address, and so on.
- Update the ‘providerType’ based on the type of the new Identity Provider. New values of ‘providerType’ can be OAUTH, SAML, LOCAL, LDAP.
Send the PUT request for the user to be remapped. Refer to Update User for more insight on this API.
API: PUT “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c”
The user ‘testuser’ has now been remapped to the tenant’s SAML identity provider and its username has been remapped to ‘[email protected]’.
The remapped user can now log in using Single Sign-On.
When logged in as the user after the change:
- The username shown in the top-right corner is updated to their new username.
- The resources owned by this user remain unchanged.
Users can be remapped from one IDP federation to another using the same process. If you are remapping a user to the ‘LOCAL’ provider type, in addition to updating the provider type, update the password in the body of the PUT request.
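The body-editing step and the ‘LOCAL’ password rule above can be scripted so that nothing other than the remap properties changes before the PUT is sent. This is an added example, not code from the original post or from VMware. The sample record is constructed and simplified, and the helper names, the ‘password’ property name and the new username are assumptions.

```python
import copy

# providerType values listed in the post.
PROVIDER_TYPES = {"OAUTH", "SAML", "LOCAL", "LDAP"}
# Only these properties may differ between the GET response and the PUT body.
# 'password' as the property name for LOCAL remaps is an assumption.
EDITABLE = {"username", "providerType", "password"}


def build_remap_body(user, new_username, new_provider_type, password=None):
    """Return a PUT body: the full GET record with only the remap fields edited."""
    provider = new_provider_type.upper()
    if provider not in PROVIDER_TYPES:
        raise ValueError(f"unsupported providerType: {new_provider_type!r}")
    if not new_username or new_username != new_username.strip():
        raise ValueError("username must be non-empty with no surrounding whitespace")
    if provider == "LOCAL" and not password:
        raise ValueError("remapping to LOCAL requires a password in the body")
    if provider != "LOCAL" and password is not None:
        # This example's own guard: do not send a password that is not needed.
        raise ValueError("password is only set when remapping to LOCAL")
    body = copy.deepcopy(user)  # keep every other property exactly as fetched
    body["username"] = new_username
    body["providerType"] = provider
    if password is not None:
        body["password"] = password
    return body


def changed_fields(before, after):
    """Names of top-level properties that differ between the two records."""
    return {k for k in before.keys() | after.keys() if before.get(k) != after.get(k)}


def assert_remap_only(before, after):
    """Refuse a body that alters anything besides the remap fields (URN included)."""
    extra = changed_fields(before, after) - EDITABLE
    if extra:
        raise ValueError(f"unexpected changes: {sorted(extra)}")


# Constructed, simplified GET response for the user in the post.
SAMPLE_USER = {"id": "urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c",
               "username": "testuser", "fullName": "Test User",
               "providerType": "LOCAL", "enabled": True}

if __name__ == "__main__":
    body = build_remap_body(SAMPLE_USER, "testuser@example.com", "SAML")
    assert_remap_only(SAMPLE_USER, body)
    print(sorted(changed_fields(SAMPLE_USER, body)))
```

Run `assert_remap_only` on the fetched record and the edited body immediately before sending the PUT, so an accidental edit to another property is caught before the user record is changed.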
Upcoming releases will include enhanced functionality for this feature for a smooth transition.
You can find a demo video of remapping a tenant user here.