Setup Active Directory Integration in vRealize Automation 7

After we have created our first tenant, the next step is to integrate user authentication via Active Directory. To begin, we must first log in to our default tenant as the tenant administrator. Navigate to https://<FQDN of vRA Appliance>/vcac/org/vsphere.local and enter the username and password of the tenant administrator.

Navigate to Administration > Directories. Click Add Directory.

Enter a name for the directory. Select Active Directory (Integrated Windows Authentication). In the Sync Connector drop-down, select the vRA appliance name.

Now under the Join Domain Details section, enter the name of the domain and a username and password of a Domain Admin. For the Bind User UPN, enter in a Domain Admin account using the format username@domain.local. Enter the password for that user and click Save & Next.

Select the domain. Click Next.

Here we can make changes to user attributes that will be synced in the directory. We will leave everything at the default value. Click Next.

Here, we will specify which users we want to sync with the directory. You can make this as granular as you want, and you can add multiple user DNs. I want to sync the entire domain, so I will enter the domain DN. Click Save.

Do the same thing for the groups that you want to sync. Click Save.

Now that we have chosen which users and groups we want, we can click Save and Sync and let the directory sync begin. Depending on how big your Active Directory structure is, this could take a while, but once the initial sync is done, all syncs afterward will only be delta syncs. So when you add a user to a group that is already synced as part of your vRA directory users, it will only add the new user and will not have to sync the entire group. By default, directory syncs occur once a week. That setting can be changed later under Administration > Directories > Your Directory Name > Sync Settings > Sync Frequency.

This is just to let you know that the sync will run in the background as you continue to work within the console.

Once your sync is complete, you can begin adding Active Directory users to the Tenant and IaaS administrators, Fabric administrators, business groups, and custom groups.

That’s it! Now when you navigate to a tenant URL you can select your domain to sign into vRA with a domain user.
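
The user and group DN step above decides which accounts end up in the vRA directory. As an added example (not part of the original post), this Python sketch previews which accounts a set of sync base DNs would include, assuming each base DN is searched as a subtree. The function names and sample DNs are constructed for illustration.

```python
# Added example: preview which accounts a sync base DN would include.
# Assumption: each base DN is searched as a subtree; all DNs are constructed.

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip().lower())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip().lower())
    return [r for r in rdns if r]

def domain_dn(dns_name):
    """domain.local -> DC=domain,DC=local (the 'domain DN' used in the post)."""
    return ",".join("DC=" + label for label in dns_name.split("."))

def in_scope(entry_dn, base_dn):
    """True if entry_dn is the base DN itself or anywhere beneath it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return bool(base) and len(entry) >= len(base) and entry[-len(base):] == base

def preview(base_dns, entry_dns):
    """Return (synced, skipped) for a list of configured base DNs."""
    synced = [e for e in entry_dns if any(in_scope(e, b) for b in base_dns)]
    skipped = [e for e in entry_dns if e not in synced]
    return synced, skipped

SAMPLE_USERS = [  # constructed sample data
    "CN=Alice Smith,OU=vRA Users,DC=domain,DC=local",
    "CN=Smith\\, Bob,OU=vRA Users,DC=domain,DC=local",
    "CN=svc-backup,OU=Service Accounts,DC=domain,DC=local",
    "CN=Administrator,CN=Users,DC=domain,DC=local",
]

if __name__ == "__main__":
    for bases in ([domain_dn("domain.local")], ["ou=vra users,dc=domain,dc=local"]):
        synced, skipped = preview(bases, SAMPLE_USERS)
        print(bases, "->", len(synced), "synced,", len(skipped), "skipped")
```

Run against an export of your own DNs, this shows whether the domain DN pulls in service or built-in accounts that an OU-level DN would leave out.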
