VMware Cloud Director has a new feature added in the 10.4.1 release which offers the flexibility to change Identity Providers as per your choice and convenience, without losing the resources assigned to the users. VMware Cloud Director supports the Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML) and OpenID Connect (OIDC) protocols for authentication. You can switch between these protocols or migrate to a different identity provider with ease by remapping existing users to their identity in another Identity Provider. This blog demonstrates how to use the user management API to achieve this.
In addition, VMware Cloud Director has announced the deprecation of support for local users starting with the 10.4.1 release (release notes). VMware Cloud Director’s industry-compliant integrations with external Identity Providers bring the benefits of the most modern and secure authentication methods to its customers. Customers can use capabilities such as Two-Factor Authentication/Multi-Factor Authentication, biometric integrations, smart card integrations, etc. with VMware Cloud Director. It also helps customers stay up to date with all future advancements in authentication technologies.
Following is an example of remapping a provider (local) user to a SAML identity provider federation. As of VMware Cloud Director 10.4.1, remapping a user is available only as an API feature. Therefore, for all subsequent steps use an API client of your choice. In my examples below, I am using Postman to perform the remapping.
Pre-requisite: Make sure the Identity Provider federation to which you want to remap the user is correctly configured.
- Log in to VMware Cloud Director as an administrator (tenant or system administrator) and identify the user you want to remap. Here, the user I am remapping is ‘demouser’. This user is a local user.
- Log in using the API as the administrator, using either their credentials (local or LDAP), IDP-issued tokens (SAML or OAuth) or VMware Cloud Director’s API Token.
API: POST “https://api_host/cloudapi/1.0.0/sessions”
- Retrieve the urn id of ‘demouser’ from the query users API.
API: GET “https://api_host/cloudapi/1.0.0/users”
Now, using this urn id, fetch the complete details of the user. Refer to Get User for more insight on this API.
API: GET “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:bafe9a31-1810-4108-8754-3ece52a4e963”
- Copy the complete details of the user from the previous step and edit the following properties for use as the body of the subsequent PUT request.
  - Update the ‘username’ to reflect the user’s username in the new Identity Provider. Although this example shows a different username being used, simpler updates are also possible, like switching from username to email address, etc.
  - Update the ‘providerType’ based on the type of the new Identity Provider. New values of ‘providerType’ could be OIDC, SAML, LOCAL, LDAP.
Send the PUT request for the user to be remapped. Refer to Update User for more insight on this API.
API: PUT “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:bafe9a31-1810-4108-8754-3ece52a4e963”
The user ‘demouser’ has now been remapped to the tenant’s SAML identity provider and their username has been remapped to ‘demouser@provider.com’.
Users can be remapped from one IDP federation to another using the same procedure. If you are remapping a user to the ‘LOCAL’ provider type, in addition to updating the provider type, update the password in the body of the PUT request.
In the next part of this blog series, we will remap a tenant user.
Check out all of the latest enhancements in VMware Cloud Director 10.4.
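The body-editing step above can be scripted so that only the intended properties change before the PUT is sent. The following is an added example, not code from the original post or from VMware: the function names, the sample record's extra fields, the new username, and the request header values are assumptions to check against the API reference for your release.

```python
import copy
import json
import urllib.request

PROVIDER_TYPES = {"OIDC", "SAML", "LOCAL", "LDAP"}  # values listed in the post

def build_remap_body(user, new_username, new_provider_type, password=None):
    """Return an edited copy of the GET user record for use as the PUT body."""
    if new_provider_type not in PROVIDER_TYPES:
        raise ValueError(f"unsupported providerType: {new_provider_type!r}")
    if new_provider_type == "LOCAL" and not password:
        raise ValueError("remapping to LOCAL requires a password in the body")
    body = copy.deepcopy(user)  # every other property is sent back unchanged
    body["username"] = new_username
    body["providerType"] = new_provider_type
    if new_provider_type == "LOCAL":
        body["password"] = password
    return body

def changed_fields(before, after):
    """Top-level properties that differ; review this list before sending."""
    keys = set(before) | set(after)
    return sorted(k for k in keys if before.get(k) != after.get(k))

def build_put_request(api_host, token, body, api_version):
    """Prepare (not send) the PUT. Header values are assumptions."""
    url = f"https://{api_host}/cloudapi/1.0.0/users/{body['id']}"
    headers = {
        "Authorization": f"Bearer {token}",
        "Accept": f"application/json;version={api_version}",
        "Content-Type": "application/json",
    }
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="PUT")

# Constructed sample of a GET user response; fullName and enabled are
# illustrative fields standing in for the rest of the record.
SAMPLE_USER = {
    "id": "urn:vcloud:user:bafe9a31-1810-4108-8754-3ece52a4e963",
    "username": "demouser",
    "providerType": "LOCAL",
    "fullName": "Demo User",
    "enabled": True,
}

if __name__ == "__main__":
    body = build_remap_body(SAMPLE_USER, "demouser@idp.example", "SAML")
    print("fields changed:", changed_fields(SAMPLE_USER, body))
    # "37.1" is an assumed API version; TOKEN_PLACEHOLDER is not a real token
    req = build_put_request("api_host", "TOKEN_PLACEHOLDER", body, "37.1")
    print(req.get_method(), req.full_url)
```

Checking `changed_fields` before sending confirms that roles and other assignments in the record go back exactly as they were retrieved.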