Create identity providers (IDPs) to authenticate users and determine their group membership.

Note: It is recommended to create a new IDP for new tenants. Changing the default IDP from VC to AD or vice versa from the tca-m:9443 portal updates the default IDP associated with the default tenant and removes access to the tenants that have existing users configured in vCenter/AD and permissions set in TCA.

Procedure

  1. Log in to VMware Telco Cloud Automation.
  2. Click Authorization > Tenants.
    Note: A default IDP is created as part of the VMware Telco Cloud Automation installation process. You can edit or delete the default IDP only by logging in to the VMware Telco Cloud Automation Appliance Manager portal at tca-m:9443.
  3. Click Create.
  4. In the Create Identity Provider window, enter a name for the IDP.
  5. Select one of the following IDP types:
    • vCenter: If you have stored the user information in vCenter, select this option and provide the following information:
      • URL: IP address or FQDN of the vCenter server.
      • Username: User name of any admin user.
    • Active Directory: If you have stored the user information in Active Directory, select this option and provide the following information:
      • URL: URL of the Active Directory server.
      • Base Distinguished Name for Users: The base distinguished name for the users of the LDAP directory.
      • Base Distinguished Name for Groups: The base distinguished name for the groups of the LDAP directory.
      • Admin User Distinguished Name: The distinguished name of the administrator of the LDAP directory.
  6. Enter the Password of the administrative user.
  7. Click Add.
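
A pre-flight check for the four Active Directory fields in step 5, as an added example that is not VMware code. It assumes the URL field takes an ldap:// or ldaps:// URL; the function names and sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
        esc = (ch == "\\") and not esc
    return parts + [cur.strip()]

def parse_dn(dn):
    """Return [(attr, value), ...]; raise ValueError on a malformed RDN."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, val = rdn.partition("=")
        if not sep or not attr.strip() or not val.strip():
            raise ValueError(f"malformed RDN {rdn!r}")
        rdns.append((attr.strip().lower(), val.strip()))
    return rdns

def check_ad_idp(url, users_base, groups_base, admin_dn):
    """Return a list of findings for the four Active Directory IDP fields."""
    findings = []
    u = urlsplit(url)
    if u.scheme not in ("ldap", "ldaps") or not u.hostname:
        findings.append("URL: expected ldap://host or ldaps://host")  # assumed format
    elif u.scheme == "ldap":
        findings.append("URL: ldap:// is unencrypted unless the session is upgraded to TLS")
    parsed = {}
    fields = (("users base DN", users_base), ("groups base DN", groups_base), ("admin DN", admin_dn))
    for label, dn in fields:
        try:
            parsed[label] = parse_dn(dn)
        except ValueError as exc:
            findings.append(f"{label}: {exc}")
    admin = parsed.get("admin DN")
    if admin and admin[0][0] in ("ou", "dc"):
        findings.append("admin DN: names a container, not a user entry")
    # Heuristic (assumption): all three DNs normally share one DC= suffix.
    if len({tuple(v.lower() for a, v in r if a == "dc") for r in parsed.values()}) > 1:
        findings.append("DNs: DC= components differ between fields")
    return findings

if __name__ == "__main__":  # constructed sample values
    print(check_ad_idp("ldap://ad.example.test", "OU=Users,DC=example,DC=test",
                       "OU=Groups,DC=example,DC=test", "OU=Users,DC=example,DC=test"))
```

An empty list means the values are syntactically consistent; it does not confirm that the directory accepts the bind or that the entries exist.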

What to do next

  • Edit an IDP - Click the vertical ellipsis corresponding to the IDP that you want to edit and click Edit.
    Note: When you edit an IDP, all permissions associated with the IDP become invalid. For example, if you switch from AD to vCenter, the previously configured permissions become invalid. Therefore, it is recommended that you verify each of the permissions for the IDP before editing it.
  • Delete an IDP - Click the vertical ellipsis corresponding to the IDP that you want to delete and click Delete.
    Note:
    • You can delete an IDP only if all the tenants associated with the IDP are deleted.
    • You cannot edit or delete the default IDP. However, a system administrator can edit or delete the IDP configurations by logging in to the Telco Cloud Appliance Manager portal. For more information, see Configure VMware Telco Cloud Automation Manager.