VMware Aria Automation uses Workspace ONE Access, the VMware-supplied identity management application to import and manage users and groups. After users and groups are imported or created, you can manage the role assignments for single tenant deployments using the Identity & Access Management page.

VMware Aria Automation is installed using VMware Aria Suite Lifecycle. When installing VMware Aria Automation you must import an existing Workspace ONE Access instance, or deploy a new one to support identity management. These two scenarios define your management options.

  • If you deploy a new Workspace ONE Access instance, you can manage users and groups by using VMware Aria Suite Lifecycle. During installation, you can set up an Active Directory connection using Workspace ONE Access. Alternatively, you can view and edit some aspects of users and groups within VMware Aria Automation using the Identity & Access Management page as described herein.
  • If you use an existing Workspace ONE Access instance, you import it for use with VMware Aria Automation by using VMware Aria Suite Lifecycle during installation. In this case, you can continue to use Workspace ONE Access to manage users and groups, or you can use the management functions in VMware Aria Suite Lifecycle.

See Logging in to tenants and adding users in VMware Aria Automation for more information about managing users under a multi-organization deployment.

VMware Aria Automation users must be assigned roles. Roles define access to features within the application. When VMware Aria Automation is installed with a Workspace ONE Access instance, a default organization is created and the installer is assigned the Organization Owner role. All other VMware Aria Automation roles are assigned by the Organization Owner.

There are three types of roles in VMware Aria Automation: organization roles, service roles, and project roles. For Automation Assembler, Automation Service Broker and Automation Pipelines, user-level roles can typically use resources whereas admin-level roles are required to create and configure resources. Organizational roles define permissions within the tenant; organizational owners have admin-level permissions while organizational members have user-level permissions. Organization owners can add and manage other users.
Organization Roles Service Roles
  • Organization Owner
  • Organization Member
  • Automation Assembler Administrator
  • Automation Assembler User
  • Automation Assembler Viewer
  • Automation Service Broker Administrator
  • Automation Service Broker User
  • Automation Service Broker Viewer
  • Automation Pipelines Administrator
  • Automation Pipelines User
  • Automation Pipelines Viewer

There are also project-level roles not shown in the table. These roles are assigned automatically on a per project basis in Automation Assembler. These roles are somewhat fluid. The same user can be an administrator on one project and a user on another project. For more information, see What are the VMware Aria Automation user roles.