Managing Groups in VMware Cloud Director

If you have a valid connection to an LDAP server or have enabled your VMware Cloud Director organization to use a SAML identity provider, you can import an LDAP group or a SAML group. You can also edit or delete an imported group.

Import a Group Using Your VMware Cloud Director Tenant Portal

To add a group of VMware Cloud Director users, you can import an LDAP, SAML, or OIDC group.

You can import an LDAP, SAML, or OIDC group, enter the group names and assign a role.

Prerequisites

Verify that you are logged in as an organization administrator or a role with equivalent set of rights.
Verify that you have a valid connection to an LDAP server or that you enabled your organization to use a SAML identity provider.
If you want to use OIDC, Configure Your System to Use an OpenID Connect Identity Provider Using Your VMware Cloud Director Tenant Portal.

Procedure

From the primary left navigation panel, select Administration.
From the secondary left panel, under Access Control, select Groups.
The list of user groups appears.
Click Import Group.

Select a source from which you want to import the user group.

You can only view the source LDAP, SAML, or OIDC server that you configured as an identity provider.

Source	Action
LDAP	Import a user group from an LDAP server. Enter a full or partial name in the text box, and click Search. Select the user groups that you want to import, and click Add.
SAML	Enter the names of the groups that you want to import in the name identifier format supported by the SAML identity provider. Use a new line for each group name. From the Assign Role drop-down menu, select a role for the users in the imported groups.
OIDC	Enter the names of the groups that you want to import in the name identifier format supported by the OIDC identity provider. Use a new line for each group name. From the Assign Role drop-down menu, select a role for the users in the imported groups.

Select the role which you want to assign to the group of users that you import.
Click Save.

What to do next

If you enabled quotas configuration for the group and VMware Cloud Director redirects you to the Quotas page, see Manage the Resource Quotas of a Group Using Your VMware Cloud Director Tenant Portal.

Delete a Group Using Your VMware Cloud Director Tenant Portal

You can remove a group from your VMware Cloud Director organization by deleting their LDAP group.

When you delete an LDAP group, users who have a VMware Cloud Director account based solely on their membership in that group are stranded and cannot log in.

Prerequisites

Verify that you are logged in as an organization administrator or a role with equivalent set of rights.

Procedure

From the primary left navigation panel, select Administration.
From the secondary left panel, under Access Control, select Groups.
The list of user groups appears.
Click the radio button next to the name of the group that you want to delete, and click Delete.
To confirm that you want to delete the group, click OK.

Edit a Group Using Your VMware Cloud Director Tenant Portal

You can edit a group from the VMware Cloud Director Tenant Portal.

Prerequisites

Verify that you are logged in as an organization administrator or a role with equivalent set of rights.

Procedure

From the primary left navigation panel, select Administration.
From the secondary left panel, under Access Control, select Groups.
The list of user groups appears.
Click the radio button next to the name of the group that you want to delete, and click Edit.
Edit the group as necessary.
1. Change the description.
2. Change the role of the members of the group as necessary.
Click Save.

Manage the Resource Quotas of a Group Using Your VMware Cloud Director Tenant Portal

By directly setting quota on a VMware Cloud Director group, you can manage the overall resource consumption limit of each user in it. You can add, edit, and remove the group's quotas on VMs, Tanzu Kubernetes clusters, CPU, memory, or storage. Quotas of the group are applied on each member of the group.

Users inherit quotas from the group they belong to. If a user inherits a resource quota from their group and has an explicit user-level quota defined for that resource, then the user-level quota takes priority over the group-level quota.

For information about importing groups, see Import a Group Using Your VMware Cloud Director Tenant Portal.

Prerequisites

Verify that you have the necessary rights to add, edit, and delete resource quotas. By default, organization administrators can change the quotas of groups.

Procedure

From the primary left navigation panel, select Administration.
In the left panel under Access Control, click Groups.
Select the name of a group and select the Quotas tab.
Groups do not have any quotas by default. All users that belong to a group inherit the group's quotas. If the user belongs to a group that has a quota on resources, the quota appears in the user's list of quotas as not editable.
Click Edit.
Modify the quota for the selected group.
You can add, edit, or remove quotas on the number of Tanzu Kubernetes clusters, all or running VMs managed by the group, consumed CPU, memory, and storage. Select Unlimited if you want the group of users to have unlimited resources of the selected type.
Click Save.