Before you configure identity and access management for VMware Aria Operations, you must synchronize the Active Directory users and groups that VMware Aria Operations uses to the clustered Workspace ONE Access instance.

You synchronize the following Active Directory groups:

  • Admin

  • Content Admin

  • Read Only

UI Procedure

  1. Log in to the clustered Workspace ONE Access deployment at https://<clustered_workspace_one_access_fqdn>/admin with a user assigned the administrator role.

  2. On the main navigation bar, click Identity and Access Management.

  3. Click the Directories tab and select your directory name.

  4. On the Settings tab, click Sync settings.

  5. Click the Groups tab.

  6. Under Groups to sync, click Select.

  7. In the Select the Active Directory group DNs dialog box, select the Active Directory group names according to your values in the VMware Cloud Foundation Planning and Preparation Workbook.

  8. Click Save and click Save and sync.

  9. To initialize the directory import, click Sync directory.

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    # Workspace ONE Access administrator account
    $wsaFqdn = "xint-wsa01a.rainpole.io"
    $wsaUser = "admin"
    $wsaPass = "VMw@re1!"
    
    # Active Directory domain, bind account, and the groups to synchronize
    $domainFqdn = "sfo.rainpole.io"
    $wsaBindUser = "svc-wsa-ad"
    $wsaBindPass = "VMw@re1!"
    $baseDnGroup = "OU=Security Groups,DC=sfo,DC=rainpole,DC=io"
    $adGroups = "gg-vrops-admins","gg-vrops-content-admins","gg-vrops-read-only"

  3. Perform the configuration by running the command in the PowerShell console.

    Add-WorkspaceOneDirectoryGroup -server $wsaFqdn -user $wsaUser -pass $wsaPass -domain $domainFqdn -bindUser $wsaBindUser -bindPass $wsaBindPass -baseDnGroup $baseDnGroup -adGroups $adGroups
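A pre-flight check to run before the command in step 3, added here as an example and not part of the VMware procedure: it prompts for the bind account password instead of keeping it in the script, then confirms that each group to sync exists under the base DN. It assumes the ActiveDirectory (RSAT) module is installed, that the group names are sAMAccountName values, and that the bind account's UPN is `<bind user>@<domain FQDN>`; `Test-AriaOpsSyncGroup` is a hypothetical helper name.

```powershell
# Added example, not VMware's code. Assumes the ActiveDirectory (RSAT) module is installed.
Import-Module ActiveDirectory -ErrorAction Stop

# Sample values from step 2 of this page; replace with your workbook values.
$domainFqdn  = "sfo.rainpole.io"
$wsaBindUser = "svc-wsa-ad"
$baseDnGroup = "OU=Security Groups,DC=sfo,DC=rainpole,DC=io"
$adGroups    = "gg-vrops-admins","gg-vrops-content-admins","gg-vrops-read-only"

function Test-AriaOpsSyncGroup {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]       $DomainFqdn,
        [Parameter(Mandatory)] [string]       $BaseDnGroup,
        [Parameter(Mandatory)] [string[]]     $AdGroups,
        [Parameter(Mandatory)] [pscredential] $BindCredential
    )
    foreach ($name in $AdGroups) {
        # Search only the subtree that the directory sync is pointed at.
        # Assumption: the names in $AdGroups are sAMAccountName values.
        $found = @(Get-ADGroup -Server $DomainFqdn -Credential $BindCredential `
            -SearchBase $BaseDnGroup -SearchScope Subtree `
            -Filter "SamAccountName -eq '$name'")
        [pscustomobject]@{
            Group = $name
            Found = ($found.Count -eq 1)
            DN    = ($found | Select-Object -First 1).DistinguishedName
        }
    }
}

# Prompt for the bind password so it is not stored in the script or shell history.
# Assumption: the bind account's UPN is <user>@<domain FQDN>; edit it in the prompt if not.
$bindCred = Get-Credential -UserName "$wsaBindUser@$domainFqdn" -Message "Workspace ONE Access bind account"

$results = Test-AriaOpsSyncGroup -DomainFqdn $domainFqdn -BaseDnGroup $baseDnGroup `
    -AdGroups $adGroups -BindCredential $bindCred
$results | Format-Table -AutoSize

# Stop before the sync if any group is missing or outside the base DN.
$missing = $results | Where-Object { -not $_.Found }
if ($missing) {
    throw "Not found under ${baseDnGroup}: $($missing.Group -join ', ')"
}

# The command in step 3 takes the password as a string; convert only at call time.
$wsaBindPass = $bindCred.GetNetworkCredential().Password
```

Running the check with the bind account also confirms that the account can authenticate and read the group container before Workspace ONE Access uses it.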