Users can authenticate to VMware Aria Operations for Logs in the following ways:

Account Type | Description |
---|---|
Import users or user groups from Microsoft Active Directory | Users can use their Active Directory credentials to log in to VMware Aria Operations for Logs. |
Integrate with Workspace ONE Access | Specified users and groups from upstream identity sources are synchronized to VMware Aria Operations for Logs through Workspace ONE Access. |
Create local user accounts in VMware Aria Operations for Logs | VMware Aria Operations for Logs performs local authentication using the account information stored in its global database. |

This validated solution activates authentication using Active Directory over LDAP to ensure accountability on user access. You can grant both users and groups access to VMware Aria Operations for Logs to perform tasks, such as analyzing logs and viewing dashboards. For information on the Identity and Access Management Validated Solution, see VMware Cloud Foundation Validated Solutions.
Active Directory Integration for VMware Aria Operations for Logs
VMware Aria Operations for Logs provides delegation of permissions through the use of roles. Roles allow you to assign a predefined set of permissions for a typical set of tasks that users perform.
This solution provides design and implementation guidance on assigning the VMware Aria Operations for Logs built-in roles to Active Directory security groups.

Role | Description |
---|---|
Super Admin | A role with privileges to administer all VMware Aria Operations for Logs functionalities through the UI. |
View Only Admin | A role with privileges to view Admin information and with full User access. |
User | A role with privileges to use all VMware Aria Operations for Logs functionalities, such as Dashboards and Explore Logs, but with no access to administration options. |
Dashboard User | A role with privileges to use only Dashboards. |

Decision ID | Design Decision | Design Justification | Design Implication |
---|---|---|---|
ILA-VAOL-SEC-001 | Activate VMware Aria Operations for Logs integration with your identity source by using Active Directory over LDAP. | Allows authentication to VMware Aria Operations for Logs using your identity source. Allows authorization through the assignment of roles to enterprise users and groups defined in your identity source. | None. |
ILA-VAOL-SEC-002 | Create a security group in your directory services for VMware Aria Operations for Logs administrators and assign the Super Admin role to the group. | Streamlines the management of VMware Aria Operations for Logs roles for users. Provides the following access control features: | You must create the security group outside of the SDDC stack. You must maintain the life cycle and availability of the security group outside of the SDDC stack. |
ILA-VAOL-SEC-003 | Create a security group in your directory services for VMware Aria Operations for Logs users and assign the User role to the group. | Streamlines the management of VMware Aria Operations for Logs roles for users. Provides the following access control features: | You must create the security group outside of the SDDC stack. You must maintain the life cycle and availability of the security group outside of the SDDC stack. |
ILA-VAOL-SEC-004 | Create a security group in your directory services for VMware Aria Operations for Logs viewers and assign the View Only Admin role to the group. | Streamlines the management of VMware Aria Operations for Logs roles for users. Provides the following access control features: | |