VMware Identity Manager is integrated in the vRealize Automation appliance, and provides tenant identity management.

The VMware Identity Manager synchronizes with the Rainpole Active Directory domain. Important users and groups are synchronized with VMware Identity Manager. Authentication uses the Active Directory domain, but searches are made against the local Active Directory mirror on the vRealize Automation appliance.

Table 1. Design Decisions on Active Directory Authentication for Tenants in vRealize Automation

Decision ID: CSDDC-CMP-038
Design Decision: Use Active Directory with Integrated Windows Authentication as the Directory Service connection option.
Design Justification: Rainpole uses a single-forest, multiple-domain Active Directory environment. Integrated Windows Authentication supports establishing trust relationships in a multi-domain or multi-forest Active Directory environment.
Design Implication: The vRealize Automation appliances must be joined to the Active Directory domain.

By default, the vRealize Automation appliance is configured with 18 GB of memory, which is enough to support a small Active Directory environment. An Active Directory environment is considered small if fewer than 25,000 users in the organizational unit (OU) have to be synchronized. An Active Directory environment with more than 25,000 users is considered large and needs additional memory and CPU. For more information on sizing your vRealize Automation deployment, see the vRealize Automation documentation.
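To decide which sizing category an environment falls into before deploying, the following added example (not VMware code) counts the user objects under the OU that will be synchronized and compares the result with the 25,000-user threshold above. It uses a paged LDAP search so that Active Directory's per-page result limit does not silently truncate the count; the directory host, OU, bind credentials and user filter are assumptions to adjust to your own directory and to the sync filter configured in VMware Identity Manager.

```python
"""Count users in the OU to be synchronized and classify the AD environment
as small or large for vRealize Automation appliance sizing."""
from typing import Iterable

# Threshold from the sizing guidance: fewer than 25,000 users is "small".
SMALL_ENV_MAX_USERS = 25_000

# Standard AD filter for user accounts (assumption: match this to the user
# filter configured for the directory in VMware Identity Manager).
USER_FILTER = "(&(objectCategory=person)(objectClass=user))"


def classify(user_count: int) -> str:
    """'small' fits the default 18 GB appliance; 'large' needs more memory and CPU."""
    return "small" if user_count < SMALL_ENV_MAX_USERS else "large"


def count_entries(responses: Iterable[dict]) -> int:
    """Count only real user entries. AD also returns searchResRef (referral)
    records in a multi-domain forest; those must not inflate the count."""
    return sum(1 for r in responses if r.get("type") == "searchResEntry")


def count_users_in_ou(host: str, base_ou: str, bind_dn: str, password: str,
                      page_size: int = 500) -> int:
    """Run a paged LDAPS search under base_ou and return the user count.

    Paging keeps each response below the domain controller's MaxPageSize
    (1000 by default), which would otherwise cut a large OU short.
    Hostname, OU and bind DN are assumptions; ldap3 is an external package.
    """
    from ldap3 import ALL, Connection, Server  # imported lazily; not stdlib
    conn = Connection(Server(host, use_ssl=True, get_info=ALL),
                      user=bind_dn, password=password, auto_bind=True)
    responses = conn.extend.standard.paged_search(
        base_ou, USER_FILTER, attributes=["sAMAccountName"],
        paged_size=page_size, generator=True)
    return count_entries(responses)


if __name__ == "__main__":
    # Assumed values for illustration only; replace with your environment's.
    total = count_users_in_ou("dc01.rainpole.local", "OU=Users,DC=rainpole,DC=local",
                              "CN=svc-vidm,OU=Service,DC=rainpole,DC=local", "secret")
    print(f"{total} users -> {classify(total)} environment")
```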

The connector is a component of the vRealize Automation service and performs the synchronization of users and groups between Active Directory and the vRealize Automation service. In addition, the connector is the default identity provider and authenticates users to the service.