You can specify the external login provider details as an alternative login method.

Prerequisites

Ensure that you have the external login provider credentials.

Procedure

  1. Click Global Settings > System Configuration > External Login Providers.
  2. Click the LDAP tab and enter the following details.
    Parameter Description

    Anonymous Access

    To acquire anonymous access, select the check box.
    Note: If you select the check box, you do not require the Bind DN and Password.

    Bind DN

    An object you bind to inside LDAP that gives the permission to perform an action.

    Enter the Bind DN to obtain an identity that performs the operation.

    Password

    Enter the Bind DN password.

    Search base DN

    The point from which a server searches for users. After finding a user, the full DN is used to bind with the given password.

    Enter the search base DN name.

    LDAP login attribute

    The name used for the bind to the LDAP database.

    Enter the name in the text box.

    First name field

    Enter the first name in the text box.

    Last name field

    Enter the last name in the text box.

    Use SSL

    Select the check box to use a Secure Sockets Layer (SSL) protocol.

    Host

    Enter the IP address of the LDAP server.

    Port

    Enter the unique number of the server.
  3. Click the Test Connection button to verify that the LDAP configuration is correct.
  4. To configure RADIUS, click the RADIUS tab and enter the following details.
    Parameter Description

    Enable RADIUS

    To activate the RADIUS service, select the check box.

    Host

    The IP address of the host.

    Enter the IP address of the host.

    Port

    Enter the unique number for the service.

    Secret

    Enter the secret or password for the service.

    Encryption

    Select the encryption standard from the drop-down menu.

    User Policy

    Authorized users are assigned selected roles automatically on login. This setting only appends roles. No roles are removed for any existing users.

    Assign default roles to every user authorized through RADIUS.
    1. From the left column, select the roles you want to assign to the user.
    2. Click the right arrow button (>) to assign the selected roles to the user.
      Note: You can also remove any roles from the user by selecting the roles in the Selected Roles column and clicking the left arrow button (<).

    New User Default Flow Roles

    Select the required role from the drop-down menu.
    Note: The authorized users are assigned the selected roles automatically after logging in to VMware BMA. This setting only appends roles; no roles are removed for any existing users.

    Use Identity Provider Mapped Roles

    Select this check box to activate RADIUS Authorization via Vendor Supported Attributes.

    You can obtain mapped roles directly from an Identity Provider.

  5. To configure SAML, click the SAML tab and enter the following details.

    Ensure that you have SAML credentials and that you are a registered user. Deleted users and users who are marked as inactive cannot log in through SAML. Existing users who are not active can only log in locally.

    Parameter Description

    Enable SAML

    Select this check box to activate the SAML service.

    Format

    All IdP metadata is received either from a given URL or XML.

    Select the required format from the drop-down menu.

    Identity Provider Metadata URL/XML

    The URL or XML of the identity provider metadata.

    Enter the URL or XML in the text box.

    Button text

    The SAML button text that will appear on the login page.

    Enter the button text in the text box.

    Username attribute

    The attribute names (SAML claims) returned from the IdP for username.

    Enter the user name in the text box.

    First name attribute

    The attribute names (SAML claims) returned from the IdP for username.

    Enter the first name in the text box.

    Last name attribute

    The attribute names (SAML claims) returned from the IdP for username.

    Enter the last name in the text box.

    Max Authentication Age

    The maximum duration an authentication can last.

    Enter the time in the text box.

    Assertion Consumer Service

    Displays the assertion consumer service URLs.

    These URLs are sent to your Identity Provider as you configure it for VMware Bare Metal Automation for VMware Telco Cloud Platform.

    Verify if the auto-generated URL is correct.

    Single Logout Service

    Displays the assertion consumer service URLs.

    These URLs are sent to your Identity Provider as you configure it for VMware Bare Metal Automation for VMware Telco Cloud Platform.

    Verify if the auto-generated URL is correct.

    Entity ID

    Displays the assertion consumer service URLs.

    These URLs are sent to your Identity Provider as you configure it for VMware Bare Metal Automation for VMware Telco Cloud Platform.

    Verify if the auto-generated URL is correct.

    User Policy

    The default role a new user is assigned after the first authorization through SAML.

    Authorized users are assigned selected roles automatically on login.

    1. From the left column, select the roles you want to assign to the user.
    2. Click the right arrow button (>) to assign the selected roles to the user.
      Note: You can also remove any roles from the user by selecting the roles in the Selected Roles column and clicking the left arrow button (<).

    Identity Provider Mapped Flow Roles

    Allows IdP groups to be mapped with a prefix to Pliant roles.

    Select the check box to use identity provider mapped flow roles.

    Role Attribute

    The type of the role.

    Enter the type of the role.

    Role Prefix

    Enter the prefix of the role.

    VMware maps IdP groups with the given prefix to VMware user roles. Roles that match neither the IdP groups nor the default VMware flow roles are revoked from the user on their next login.

  6. Click Save.
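
The two role behaviours described above (append-only User Policy defaults versus prefix-mapped roles that are revoked at the next login) can be modelled as follows. This is an added example, not VMware code: the function names, the sample data, and the rule that an IdP group named prefix + role maps to that role are assumptions made for illustration.

```python
# Added illustration, not VMware code. Assumption: an IdP group named
# "<role_prefix><role>" maps to the role "<role>"; all names are hypothetical.

def mapped_roles(idp_groups, role_prefix):
    """Roles granted by IdP groups; only groups carrying the prefix count."""
    if not role_prefix:
        # This example's choice: an empty prefix would turn every IdP group
        # into a role, so treat it as a misconfiguration.
        raise ValueError("role prefix must not be empty")
    return {
        group[len(role_prefix):]
        for group in idp_groups
        if group.startswith(role_prefix) and len(group) > len(role_prefix)
    }


def reconcile(current_roles, default_roles, idp_groups=None, role_prefix=None):
    """Return (roles_after_login, revoked_roles) for one external login.

    idp_groups=None models the mapped-roles check box left clear: the User
    Policy defaults are appended and nothing is removed.
    """
    current, defaults = set(current_roles), set(default_roles)
    if idp_groups is None:
        return current | defaults, set()
    # Mapped roles on: keep only roles backed by an IdP group or a default.
    allowed = mapped_roles(idp_groups, role_prefix) | defaults
    return allowed, current - allowed


if __name__ == "__main__":
    # Constructed sample data.
    current = {"admin", "operator"}
    defaults = {"viewer"}
    groups = ["bma-operator", "hr-staff", "bma-"]

    print(reconcile(current, defaults))
    print(reconcile(current, defaults, groups, "bma-"))
```

Under the append-only policy, removing a user from a group at the identity provider leaves the role in place; only the mapped-roles mode withdraws it at the next login.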