To use delegated administration, you must create a user group with permission to register and update vCenter extensions.

If you have been using vRealize Orchestrator and have already created users and groups that have permission to register and update vCenter extensions, you might not need to perform all the steps described in this topic. For example, if you already have such a group, but the user who will manage View desktop pools and application pools is not in the group, you can simply add that user to the group.

Prerequisites

Verify that you have credentials for logging in to the vSphere Web Client as a user with vCenter Single Sign-On administrator privileges.

Procedure

  1. Log in to the vSphere Web Client as [email protected] or as another user with vCenter Single Sign-On administrator privileges.
  2. Create a Delegated Administrators group.
    1. Browse to Administration > Single Sign-On > Users and Groups.
    2. Select the Groups tab and click the New Group icon.
    3. Supply a name such as Delegated Admins and click OK.
      The new group appears in the list.
  3. Select the group you just created and use the Group Members section of the tab to add a delegated administrator user to this group.
    This user must be a member of the domain that includes the Horizon Connection Server instance.
  4. Create a role that has permission to read vCenter extensions.
    1. Browse to Administration > Roles.
    2. On the Roles tab, click the Create role action icon.
    3. Supply a name for the role and select the Extensions check box.
      If you expand the Extensions item, you see that the Register extension, Unregister extension, and Update extension check boxes are also selected.
    4. Click OK.
      The new role appears in the list.
  5. Add the new role you just created to the new group you created.
    1. Go to the vCenter Home page and browse to vCenter > Inventory Lists > vCenters.
    2. Select the appropriate vCenter instance in the left pane, and click the Manage tab.
    3. On the Manage tab, click Permissions and click the Add permission icon.
    4. In the Users and Groups pane, click Add and add the group you just created.
      To find the group, select the correct domain.
      The group appears in the list of users and groups in the Add Permission dialog box.
    5. In the Assigned Role pane, click the drop-down arrow and select the role you just created.
      In the list of permissions for this role, a check mark appears next to Extensions.
    6. Click OK.
      The group appears on the Permissions tab, along with the role you just assigned.
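The following PowerCLI sketch is an added example, not part of the original VMware procedure: it scripts steps 4 and 5 and then checks that the role carries only the three Extensions privileges, so the delegated group is not granted more than this topic requires. The server name, role name, and group principal are placeholders, the group from steps 2 and 3 is assumed to exist already, and propagating the permission from the root folder is an assumption.

```powershell
# Added example (not VMware's own script): PowerCLI equivalent of steps 4 and 5,
# followed by a least-privilege check on the resulting role.
# Placeholders, not from the original page: server, role name, group principal.
$Server    = 'vcenter.example.test'
$RoleName  = 'Extension Managers'
$Principal = 'EXAMPLE\Delegated Admins'   # group created in steps 2-3

# The three privileges shown under the Extensions check box in step 4.
$ExtensionPrivs = 'Extension.Register', 'Extension.Unregister', 'Extension.Update'
# Privileges vCenter adds to every role automatically.
$SystemPrivs    = 'System.Anonymous', 'System.Read', 'System.View'

Connect-VIServer -Server $Server -Credential (Get-Credential) | Out-Null
try {
    # Step 4: create the role only if it does not exist yet.
    $role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
    if (-not $role) {
        $role = New-VIRole -Name $RoleName -Privilege (Get-VIPrivilege -Id $ExtensionPrivs)
    }

    # Least-privilege check: fail if the role has gained or lost privileges.
    $extra   = $role.PrivilegeList | Where-Object { $_ -notin ($ExtensionPrivs + $SystemPrivs) }
    $missing = $ExtensionPrivs | Where-Object { $_ -notin $role.PrivilegeList }
    if ($extra -or $missing) {
        throw "Role '$RoleName' drifted. Extra: $($extra -join ', ') Missing: $($missing -join ', ')"
    }

    # Step 5: assign the role to the group on the vCenter root folder.
    # Propagation to child objects is an assumption; the page does not state it.
    $root     = Get-Folder -NoRecursion
    $existing = Get-VIPermission -Entity $root -Principal $Principal -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-VIPermission -Entity $root -Principal $Principal -Role $role -Propagate:$true | Out-Null
    }

    # Report every permission the group holds, for review.
    Get-VIPermission -Principal $Principal |
        Select-Object Entity, Principal, Role, IsGroup, Propagate
}
finally {
    Disconnect-VIServer -Server $Server -Confirm:$false
}
```

Rerunning the script later serves as a drift check: it throws if privileges have been added to or removed from the role since it was created.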

What to do next

Provide the Delegated Administrators group access to the vRealize Orchestrator Plug-in for Horizon workflows. See Provide Access Rights to the vRealize Orchestrator Plug-in for Horizon Workflows.