To provide identity and access management for vRealize Log Insight in the management domain, you add the vRealize Log Insight user groups to the synchronized user groups in the Workspace ONE Access instance.
In Workspace ONE Access, you add to the synchronized groups the Active Directory groups for the following vRealize Log Insight roles:
- Super Admin
- User
- View Only Admin
UI Procedure
- Log in to the standalone Workspace ONE Access instance at https://<standalone_workspace_one_access_fqdn>/admin as a System Domain admin.
- On the main navigation bar, click Identity and access management.
- Click the Directories tab and click the active directory name.
- On the active directory page, click Sync settings.
- Add the Active Directory groups to the synchronized groups.
- Click the Groups tab and, next to the synchronized active directory group DN, click Select.
- In the Select the Active Directory group DNs dialog box, select the vRealize Log Insight active directory groups for the following vRealize Log Insight roles and click Save.
  - Super Admin
  - User
  - View Only Admin
- Click Save and sync.
- In the Review dialog box, click Sync directory.
PowerShell Procedure
- Start Windows PowerShell.
- Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $wsaFqdn = "sfo-wsa01.sfo.rainpole.io"
    $wsaUser = "admin"
    $wsaPass = "VMw@re1!"
    $domain = "sfo.rainpole.io"
    $bindUser = "svc-wsa-ad"
    $bindPass = "VMw@re1!"
    $baseDnGroup = "OU=Security Groups,DC=sfo,DC=rainpole,DC=io"
    $adGroups = "gg-vrli-viewers","gg-vrli-admins","gg-vrli-users"

- Perform the configuration by running the command in the PowerShell console.

    Add-WorkspaceOneDirectoryGroup -server $wsaFqdn -user $wsaUser -pass $wsaPass -domain $domain -bindUser $bindUser -bindPass $bindPass -baseDnGroup $baseDnGroup -adGroups $adGroups
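A variant of the sample above that prompts for the two passwords instead of storing them in the script, and confirms that each group exists under the base DN before the sync runs. This is an added example, not VMware's code. It assumes the RSAT ActiveDirectory module is installed, that the operator's own session can query the domain, and that each entry in $adGroups is the group's Name (CN).

```powershell
# Added example. Values are the page's samples; replace them with workbook values.
$wsaFqdn     = "sfo-wsa01.sfo.rainpole.io"
$domain      = "sfo.rainpole.io"
$baseDnGroup = "OU=Security Groups,DC=sfo,DC=rainpole,DC=io"
$adGroups    = "gg-vrli-viewers","gg-vrli-admins","gg-vrli-users"

# Prompt for both accounts so no password is saved in a script file or console history.
$wsaCred  = Get-Credential -UserName "admin" -Message "Workspace ONE Access admin"
$bindCred = Get-Credential -UserName "svc-wsa-ad" -Message "Active Directory bind account"

# Pre-flight check: each group must resolve to exactly one object under the base DN.
# Assumption: the query runs as the logged-in operator and matches on the Name attribute.
Import-Module ActiveDirectory -ErrorAction Stop
$missing = foreach ($group in $adGroups) {
    $found = @(Get-ADGroup -Filter "Name -eq '$group'" -SearchBase $baseDnGroup -Server $domain)
    if ($found.Count -ne 1) { $group }
}
if ($missing) {
    throw "Not found exactly once under ${baseDnGroup}: $($missing -join ', ')"
}

# The command on this page takes the passwords as plain strings, so they are
# converted only at call time and the variables holding them are removed afterwards.
$syncParams = @{
    server      = $wsaFqdn
    user        = $wsaCred.UserName
    pass        = $wsaCred.GetNetworkCredential().Password
    domain      = $domain
    bindUser    = $bindCred.UserName
    bindPass    = $bindCred.GetNetworkCredential().Password
    baseDnGroup = $baseDnGroup
    adGroups    = $adGroups
}
try {
    Add-WorkspaceOneDirectoryGroup @syncParams
}
finally {
    Remove-Variable syncParams, wsaCred, bindCred -ErrorAction SilentlyContinue
}
```

The pre-flight check stops the run before anything is changed in Workspace ONE Access if a group name is mistyped or sits outside the base DN.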