When activated, VMware Workspace ONE Access authentication can be used with VMware Aria Operations for Logs.

With VMware Workspace ONE Access authentication, users can use a single sign-on for all VMware products that use the same VMware Workspace ONE Access.

Active Directory users can also authenticate through VMware Workspace ONE Access when the Active Directory and VMware Workspace ONE Access servers are synchronized. See the VMware Workspace ONE Access documentation for more information about synchronization.

Integration with VMware Workspace ONE Access can be done only with local users. Active Directory users who are assigned a tenant admin role in VMware Workspace ONE Access are not eligible for integration with VMware Aria Operations for Logs.

Prerequisites

Verify that you are logged in to the VMware Aria Operations for Logs web user interface as a Super Admin user, or a user associated with a role that has the relevant permissions. See Create and Modify Roles for more information. The URL format of the web user interface is https://operations-for-logs-host, where operations-for-logs-host is the IP address or host name of the VMware Aria Operations for Logs virtual appliance.

Procedure

  1. Expand the main menu and navigate to Configuration > Authentication.
  2. Select Enable Single Sign-On.
  3. In the Host text box, enter a host identifier for the VMware Workspace ONE Access instance to use for authenticating users.
    For example, company-name.vmwareworkspaceone.com.
  4. In the API Port text box, specify the port to use to connect to the VMware Workspace ONE Access instance. The default is 443.
  5. Optionally, enter the VMware Workspace ONE Access tenant. The tenant is required only if the tenant mode is configured as tenant-in-path in VMware Workspace ONE Access.
  6. Specify VMware Workspace ONE Access user credentials in the Username and Password text boxes.
    This information is used only once during configuration to create a VMware Aria Operations for Logs client on VMware Workspace ONE Access and is not stored locally in VMware Aria Operations for Logs. The user must have permission to run API commands against the tenant.
  7. Click Test Connection to verify that the connection works.
  8. If the VMware Workspace ONE Access instance provides an untrusted SSL certificate, a dialog box appears with the details of the certificate. Click Accept to add the certificate to the truststores of all the nodes in the VMware Aria Operations for Logs cluster.
    If you click Cancel, the certificate is not added to the truststores and the connection with the VMware Workspace ONE Access instance fails. You must accept the certificate for a successful connection.
  9. In the Redirect URL Host drop-down menu, select the host name or IP address to use in the redirect URL that is registered on VMware Workspace ONE Access.
    If at least one virtual IP is defined for the Integrated Load Balancer, VMware Workspace ONE Access redirects to the VIP selected. If the Integrated Load Balancer is not configured, the primary node's IP address is used instead.
  10. Select whether to allow login support for Active Directory users through VMware Workspace ONE Access.
    You can use this option for Active Directory users when VMware Workspace ONE Access is synchronized with that Active Directory instance.
  11. Click Save.
    If you did not test the connection and the VMware Workspace ONE Access instance provides an untrusted certificate, follow the instructions in step 9.
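
Accepting the untrusted certificate adds it to the truststores of every node in the cluster, so confirm that it is the expected one before you click Accept. The following is an added example, not VMware code: it fetches the certificate from the Host and API Port values used in the procedure and compares its SHA-256 fingerprint with one obtained out of band from the VMware Workspace ONE Access administrator. The function names and the script name are assumptions.

```python
"""Added example: compare a server certificate with a fingerprint obtained out of band."""
import hashlib
import hmac
import ssl
import sys


def normalize_fingerprint(text: str) -> str:
    """Reduce 'AA:BB:..', 'aa bb ..' or 'aabb..' to lowercase hex without separators."""
    cleaned = text.strip().lower().replace(":", "").replace(" ", "")
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def fingerprint_from_pem(pem: str) -> str:
    """SHA-256 over the DER encoding of the certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def matches_expected(pem: str, expected: str) -> bool:
    """True only if the presented certificate has the expected fingerprint."""
    return hmac.compare_digest(fingerprint_from_pem(pem),
                               normalize_fingerprint(expected))


def fetch_pem(host: str, port: int = 443) -> str:
    """Fetch the certificate as presented, without validating it:
    a self-signed certificate would fail validation, which is the case here."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: check_cert.py <host> <api-port> <expected-sha256>")
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    pem = fetch_pem(host, port)
    print("presented:", fingerprint_from_pem(pem))
    if not matches_expected(pem, expected):
        sys.exit("MISMATCH: do not accept this certificate")
    print("match: the certificate has the expected fingerprint")
```

Run it from a machine that reaches the VMware Workspace ONE Access instance over the same network path as the VMware Aria Operations for Logs nodes.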