You can add an existing VMware Identity Manager or deploy a new VMware Identity Manager through vRealize Suite Lifecycle Manager.

Adding vIDM is an optional step. By configuring vIDM, single sign-on across vRealize Suite Lifecycle Manager and the products can be achieved.

Note:

vIDM acts as an identity provider and manages SSO for the vRealize Suite products and vRSLCM when integrated with vRSLCM. SSO provides a single set of credentials to access all vRealize Suite applications and vRSLCM. With SSO, you are only required to log in once, and then you can seamlessly access all vRealize Suite applications.

In vRSLCM, you can provide a suite administrator (in AD Settings) when you configure vIDM with vRSLCM. vRealize Suite products deployed after this configuration can be accessed with the suite administrator credentials with one-time authentication.

Note:

When vIDM is used with vRSLCM, only Active Directory over LDAP and Active Directory with IWA are used to sync users and groups to the VMware Identity Manager service. These are the only supported directory integrations.

An identity manager deployed through vRSLCM is a single node with an internal PostgreSQL database embedded in the appliance. It does not support an external database such as Microsoft SQL. vRSLCM does not perform cluster-based installations of VMware Identity Manager.

Prerequisites

Verify that you have an existing VMware Identity Manager version 2.9.2, 3.2.0, 3.2.0.1, or 3.3.0, because vRealize Suite Lifecycle Manager supports only these versions.

Procedure

  1. Click Settings and navigate to User Management > Authentication Source.
  2. Select either Add an Existing Identity Manager or Install a New Identity Manager.
    1. If you want to add an existing identity manager, enter the Host Name, User Name, and Password, and click Add.
    2. To replace the certificate, click Replace Certificate.
    3. If you do not want to use the identity manager, click Unregister. If you unregister, the associated roles and active directories from vRealize Suite Lifecycle Manager are also deleted. Therefore, read the warning message and then click Delete.

    When you register an existing identity manager to update, a duplicate catalog entry is created.

    Note:

    VMware Identity Manager 3.2 or later does not automatically sync users under a corresponding group that are synced through group DN unless they are manually synced or entitled to an application. For more information, see KB article 55737 and KB article 55727.

  3. Click Upgrade and select the required Repository Type.

    | Option | Description |
    | --- | --- |
    | VMware Repository | You can provide an online source. |
    | Repository URL | You can provide an upgrade link. |
    | vRSLCM Repository | You can upload an upgraded file and map it locally in vRSLCM. |

  4. Select the version to which you want to upgrade the identity manager.
  5. Enter the SSH Password and vIDM Root Password, and click Next.
  6. Click Run Precheck and click Upgrade.
  7. If you selected to install a new identity manager:
    1. Select an existing data center or click + to add a data center.
    2. Select Identity Manager version from the drop-down menu.
    3. Click Install.
  8. Under Access Control, after configuring VMware Identity Manager, click Add User/Group to add existing Active Directory users and assign roles to manage vRealize Suite Lifecycle Manager.
  9. To remove an existing user from the list of users, click Remove User.

    From 1.3 onwards, removing a user removes the role mapping for the selected user. Therefore, the user is no longer available in the vRealize Suite Lifecycle Manager access control.

Results

After vRealize Suite Lifecycle Manager is registered to the identity manager, vRealize Suite Lifecycle Manager is visible in the VMware Identity Manager app catalog. You should have at least one role attached to that user.

What to do next

You can view the installation progress for a new VMware Identity Manager on the Requests tab. When the request shows a status of COMPLETED, vRealize Suite Lifecycle Manager is registered to VMware Identity Manager.