Remap VMware Cloud Director™️ users to new Identity Providers – Part 2: Tenant users

3 min read

In the earlier site we remapped a provider (neighborhood) consumer to a SAML identification provider federation. In this website we will remap a tenant (regional) consumer to a SAML id service provider federation.

As of VCD 10.4.1 remapping a user is accessible only as an API aspect. Thus, for all subsequent techniques, use an API consumer of your option. In my examples below, I am employing Postman to perform remapping.

Pre-requisite: Make sure the Identity Company federation to which you want to remap user to is precisely configured.

  1. Login to VMware Cloud Director as an administrator (tenant or procedure administrator) and identify the user you want to remap. Here, the user I am remapping is ‘testuser’. This consumer is a nearby consumer and owns 1 vApp named ‘Testuser vApp’ (as proven under). Graphical user interface, application, websiteDescription automatically generated Graphical user interface, applicationDescription automatically generated
  1. Login working with the API as the administrator either applying their qualifications (area or LDAP), IDP issued tokens (SAML or OAuth) or VCD’s API Token.
    API: Publish “https”//api_host/cloudapi/1../sessions” Graphical user interface, textDescription automatically generated
  1. Retrieve the urn id of ‘testuser’ from question end users API.
    API: GET “https://api_host/cloudapi/1../users” Graphical user interface, text, applicationDescription automatically generated
    Now, working with this urn id, fetch total facts of the consumer. Refer to Get Consumer
    API: GET “https://api_host/cloudapi/1../buyers/urn:vcloud:consumer:746cf0d9-788b-4aef-9fba-76f2ce49d33c” TextDescription automatically generated
  1. Copy complete facts of the user from earlier stage and edit pursuing qualities for use as human body of the subsequent Set ask for.
    • Update the ‘username’ to replicate the user’s username in the new Identity Supplier. Even though this case in point demonstrates a distinctive username getting applied, it is attainable to have less difficult updates like switching from username to e-mail handle, and so forth.
    • Update the ‘providerType’ centered on the type of new Identification Company. New values of ‘providerType’ could be OAUTH, SAML, Local, LDAP.

    Deliver Put ask for for the user to be remapped. Refer to update user for more perception on this API.
    API: Set “https://api_host/cloudapi/1../customers/urn:vcloud:consumer:746cf0d9-788b-4aef-9fba-76f2ce49d33c” A screenshot of a computerDescription automatically generated

The user ‘testuser’ has now been remapped to the tenant’s SAML identity service provider and its username has been remapped to ‘[email protected]’.

Graphical user interface, application, websiteDescription automatically generated

The remapped user can now login employing Solitary Signal On.

Graphical user interface, application, websiteDescription automatically generated

When logged in as the consumer just after the change:

  • The username revealed in leading-ideal corner is updated to their new username
  • The sources owned by this consumer remain unchanged.

Graphical user interface, applicationDescription automatically generated

Users can be remapped from just one IDP federation to a different employing the similar process. If you are remapping a consumer to ‘LOCAL’ company variety, in addition to updating the provider kind update password in the system of Put ask for.

Forthcoming releases would incorporate increased functionalities for this feature for a clean transition.

You can obtain a demo movie to remap a tenant person in this article.

Source backlink

You May Also Like

More From Author