You manage access to VMware Aria Operations by assigning users and groups, synchronized to Workspace ONE Access, to VMware Aria Operations roles.

Users can authenticate to VMware Aria Operations by using the following account types:
Table 1. VMware Aria Operations Account Types

| Account Type | Description |
|---|---|
| Imported from an LDAP database | Users can use their LDAP credentials to log in to VMware Aria Operations. |
| Integrated with Workspace ONE Access | Users and groups from an identity source are synchronized to VMware Aria Operations through the global Workspace ONE Access. |
| vCenter Server user accounts | After a vCenter Server instance is registered with VMware Aria Operations, the following users can log in to VMware Aria Operations:<br>• Users that have administration access in vCenter Server.<br>• Users that have one of the VMware Aria Operations privileges, such as PowerUser, assigned to the account which appears at the root level in vCenter Server. |
| Local user accounts in VMware Aria Operations | VMware Aria Operations performs local authentication using the account information stored in its internal database. |

Table 2. Design Decision on Identity Management for VMware Aria Operations

| Design Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| IOM-VAOPS-SEC-001 | Activate VMware Aria Operations integration with your corporate identity source by using the clustered Workspace ONE Access deployment. | Allows authentication, including multi-factor, to VMware Aria Operations by using your corporate identity source.<br>Allows authorization through the assignment of organization and cloud services roles to enterprise users and groups defined in your corporate identity source. | You must deploy and configure a Workspace ONE Access cluster to establish the integration between VMware Aria Operations and your corporate identity sources. |
| IOM-VAOPS-SEC-002 | Assign the default Administrator role in VMware Aria Operations to an Active Directory security group. | Provides the following access control features:<br>• Access to VMware Aria Operations administration is granted to a managed set of individuals that are members of the security group.<br>• You can introduce improved accountability and tracking of organization owner access to VMware Aria Operations. | You must maintain the life cycle and availability of the security group outside of the SDDC stack. |
| IOM-VAOPS-SEC-003 | Assign the default ContentAdmin role in VMware Aria Operations to an Active Directory security group. | Provides the following access control features:<br>• Access to the VMware Aria Operations user interface is granted to a managed set of individuals that are members of the security group.<br>• You can introduce improved accountability and tracking of organization owner access to VMware Aria Operations. | You must maintain the life cycle and availability of the security group outside of the SDDC stack. |
| IOM-VAOPS-SEC-004 | Assign the default ReadOnly role in VMware Aria Operations to an Active Directory security group. | Provides the following access control features:<br>• Access to the VMware Aria Operations user interface is granted to a managed set of individuals that are members of the security group.<br>• You can introduce improved accountability and tracking of organization owner access to VMware Aria Operations. | You must maintain the life cycle and availability of the security group outside of the SDDC stack. |