In the previous post we remapped a provider (local) user to a SAML identity provider federation. In this post we will remap a tenant (local) user to a SAML identity provider federation.
As of VCD 10.4.1, remapping a user is available only as an API feature. For all the steps that follow, use an API client of your choice. In my examples below, I am using Postman to perform the remapping.
Prerequisite: Make sure the Identity Provider federation to which you want to remap the user is correctly configured.
- Log in to VMware Cloud Director as an administrator (tenant or system administrator) and identify the user you want to remap. Here, the user I am remapping is ‘testuser’. This user is a local user and owns 1 vApp named ‘Testuser vApp’ (as shown below).
- Log in using the API as the administrator, using either their credentials (local or LDAP), IDP-issued tokens (SAML or OAuth) or VCD’s API token.
API: POST “https://api_host/cloudapi/1.0.0/sessions”
- Retrieve the URN id of ‘testuser’ from the query users API.
API: GET “https://api_host/cloudapi/1.0.0/users”
Now, using this URN id, fetch the full details of the user. Refer to Get User.
API: GET “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c”
- Copy the complete details of the user from the previous step and edit the following properties for use as the body of the subsequent PUT request.
  - Update the ‘username’ to reflect the user’s username in the new Identity Provider. Although this example shows a different username being used, simpler updates are also possible, such as switching from a username to an email address.
  - Update the ‘providerType’ based on the type of the new Identity Provider. The new value of ‘providerType’ can be OAUTH, SAML, LOCAL or LDAP.
Send a PUT request for the user to be remapped. Refer to Update User for more insight into this API.
API: PUT “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c”
The user ‘testuser’ has now been remapped to the tenant’s SAML identity provider and its username has been remapped to ‘[email protected]’.
The remapped user can now log in using Single Sign-On.
When logged in as the user after the change:
- The username shown in the top-right corner is updated to their new username.
- The resources owned by this user remain unchanged.
Users can be remapped from one IDP federation to another using the same process. If you are remapping a user to the ‘LOCAL’ provider type, in addition to updating the provider type, update the password in the body of the PUT request.
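The GET, edit and PUT steps above, together with the LOCAL password rule, as an added Python example (not code from the original post or from VMware); it goes slightly beyond the text by refusing ambiguous username matches and checking the PUT response. The `http` transport, the `values` list in the users response and the `password` field name are assumptions, and `fake_vcd` is a constructed in-memory stand-in so the block runs offline.

```python
import copy

PROVIDER_TYPES = {"OAUTH", "SAML", "LOCAL", "LDAP"}  # values listed in this post

def build_remap_body(user, new_username, provider_type, password=None):
    """Return the PUT body: the full GET record with only the remap fields changed."""
    if provider_type not in PROVIDER_TYPES:
        raise ValueError(f"unsupported providerType: {provider_type!r}")
    if provider_type == "LOCAL" and not password:
        raise ValueError("remapping to LOCAL also requires a password")
    body = copy.deepcopy(user)           # keep every other property as returned
    body["username"] = new_username
    body["providerType"] = provider_type
    if provider_type == "LOCAL":
        body["password"] = password      # assumed field name
    return body

def remap_user(http, base, username, new_username, provider_type, password=None):
    """Run GET users -> GET user -> PUT user.

    `http(method, url, body)` is a hypothetical transport that returns parsed
    JSON and already carries the session token obtained from POST {base}/sessions.
    """
    listing = http("GET", f"{base}/users", None)
    # Assumed response shape: a "values" list of user records.
    matches = [u for u in listing["values"] if u["username"] == username]
    if len(matches) != 1:                # never remap on an ambiguous or missing match
        raise LookupError(f"expected one user named {username!r}, found {len(matches)}")
    url = f"{base}/users/{matches[0]['id']}"
    current = http("GET", url, None)
    body = build_remap_body(current, new_username, provider_type, password)
    updated = http("PUT", url, body)
    # Confirm the server applied the remap to the same record (same URN id).
    if (updated["id"], updated["username"], updated["providerType"]) != (
            current["id"], new_username, provider_type):
        raise RuntimeError("PUT response does not reflect the requested remap")
    return updated

def fake_vcd(users):
    """Constructed in-memory stand-in for the API, keyed by URN id."""
    def http(method, url, body):
        if method == "GET" and url.endswith("/users"):
            return {"values": [{"id": u["id"], "username": u["username"]}
                               for u in users.values()]}
        urn = url.rsplit("/", 1)[1]
        if method == "PUT":
            users[urn] = copy.deepcopy(body)
        return copy.deepcopy(users[urn])
    return http
```

Because the URN id is unchanged by the PUT, the resources owned by the user stay attached to the same record.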
Upcoming releases will include enhanced functionality for this feature for a smooth transition.
You can find a demo video of remapping a tenant user here.