Before you configure identity and access management for vRealize Automation, you must synchronize the Active Directory users and groups that vRealize Automation uses to the clustered Workspace ONE Access instance.

You synchronize the following Active Directory groups:

  • Organization owners

  • Cloud Assembly administrators

  • Cloud Assembly users

  • Cloud Assembly viewers

  • Service Broker administrators

  • Service Broker users

  • Service Broker viewers

  • Orchestrator administrators

  • Orchestrator workflow designers

  • Orchestrator viewers

UI Procedure

  1. Log in to the clustered Workspace ONE Access deployment at https://<clustered_workspace_one_access_fqdn>/admin with a user assigned the administrator role.

  2. On the main navigation bar, click Identity and access management.

  3. Click the Directories tab and select your directory name.

  4. On the Settings tab, click Sync settings.

  5. Click the Groups tab.

  6. Under Groups to sync, click Select.

  7. In the Select the Active Directory group DNs dialog box, select the Active Directory group names according to your values in the VMware Cloud Foundation Planning and Preparation Workbook.

  8. Click Save, and then click Save and sync.

  9. To initialize the directory import, click Sync directory.

PowerShell Procedure

  1. Start Windows PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $wsaFqdn = ""
    $wsaUser = "admin"
    $wsaPass = "VMw@re1!"
    $domain = ""
    $bindUser = "svc-wsa-ad"
    $bindPass = "VMw@re1!"
    $baseDnGroup = "OU=Security Groups,DC=sfo,DC=rainpole,DC=io"
    $adGroups = "gg-vra-org-owners","gg-vra-cloud-assembly-admins","gg-vra-cloud-assembly-users","gg-vra-cloud-assembly-viewers","gg-vra-service-broker-admins","gg-vra-service-broker-users","gg-vra-service-broker-viewers","gg-vra-orchestrator-admins","gg-vra-orchestrator-designers","gg-vra-orchestrator-viewers"

  3. Perform the configuration by running the command in the PowerShell console.

    Add-WorkspaceOneDirectoryGroup -server $wsaFqdn -user $wsaUser -pass $wsaPass -domain $domain -bindUser $bindUser -bindPass $bindPass -baseDnGroup $baseDnGroup -adGroups $adGroups


The groups are accessible for identity and access management configuration in vRealize Automation.
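
The following is an added example, not part of the original procedure or the product's own code: it runs the same Add-WorkspaceOneDirectoryGroup call as the PowerShell procedure, but prompts for both passwords instead of typing them into the console, and confirms that every group exists under the base DN before the sync is requested. It assumes the RSAT ActiveDirectory module is installed and that the logged-in user can read the groups OU; the pre-flight check and the variable names $wsaCred, $bindCred and $missing are not from the original page.

```powershell
# Added example: same inputs as the procedure above, with prompted credentials
# and a pre-flight check of the Active Directory groups.
Import-Module ActiveDirectory   # assumption: RSAT Active Directory module is installed

$wsaFqdn     = ""   # Workspace ONE Access FQDN from the Planning and Preparation Workbook
$domain      = ""   # Active Directory domain from the Planning and Preparation Workbook
$baseDnGroup = "OU=Security Groups,DC=sfo,DC=rainpole,DC=io"
$adGroups    = "gg-vra-org-owners",
               "gg-vra-cloud-assembly-admins", "gg-vra-cloud-assembly-users", "gg-vra-cloud-assembly-viewers",
               "gg-vra-service-broker-admins", "gg-vra-service-broker-users", "gg-vra-service-broker-viewers",
               "gg-vra-orchestrator-admins", "gg-vra-orchestrator-designers", "gg-vra-orchestrator-viewers"

if (-not $wsaFqdn -or -not $domain) {
    throw "Set `$wsaFqdn and `$domain from the workbook before running."
}

# Prompt for the passwords so they do not end up in the console history or a saved script.
$wsaCred  = Get-Credential -UserName "admin"      -Message "Workspace ONE Access administrator"
$bindCred = Get-Credential -UserName "svc-wsa-ad" -Message "Active Directory bind account"

# Pre-flight: collect every group name that cannot be found under the base DN.
$missing = foreach ($name in $adGroups) {
    $found = Get-ADGroup -Filter "Name -eq '$name'" -SearchBase $baseDnGroup -Server $domain
    if (-not $found) { $name }
}
if ($missing) {
    throw "Groups not found under ${baseDnGroup}: $($missing -join ', ')"
}

try {
    # The cmdlet on this page takes the passwords as plain strings, so they are
    # extracted only for the duration of the call.
    Add-WorkspaceOneDirectoryGroup -server $wsaFqdn -user $wsaCred.UserName `
        -pass $wsaCred.GetNetworkCredential().Password -domain $domain `
        -bindUser $bindCred.UserName -bindPass $bindCred.GetNetworkCredential().Password `
        -baseDnGroup $baseDnGroup -adGroups $adGroups
}
finally {
    # Drop the credential objects from the session once the call returns.
    Remove-Variable wsaCred, bindCred -ErrorAction SilentlyContinue
}
```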