After creating an alias for the primary tenant in VMware Identity Manager, you add a tenant and associate it with a vRealize Suite product such as vRealize Automation, so that the tenant can use the product services.

In the API request to create a tenant, associating the tenant with a vRealize Suite product is optional. For example, you can create a tenant first, then associate it with the product later. The following procedure shows how to create a tenant without product association. An example below the procedure shows how to create a tenant and associate it with vRealize Automation in the same request.

Prerequisites

  • Verify that all general prerequisites have been satisfied. See Tenant management using vRealize Suite Lifecycle Manager APIs.
  • Verify that all prerequisites for adding a tenant by using the vRealize Suite Lifecycle Manager UI have been satisfied. See Add Tenants.
  • Verify that you have the following input values required to create the tenant:
    • The name of the tenant that you choose.
    • If associating it with a product, ID of the environment with the product where the tenant will be assigned. See Associate an existing tenant with vRealize Automation.
    • vidmCludDto: Provide details for the administrator of the tenant that you are creating.
    Optional input values include:
    • migratePreludeOAuthClients: Defaults to true. If false, existing active directories are not migrated when the tenant is created. For example, set this value to false if you want to associate the tenant with a vRealize Suite product later.
    • vidmDclDTO: This data transfer object captures directory information such as names and passwords for AD in VMware Identity Manager. Provide this information if you want to add directories in the primary tenant to the tenant that you are creating.

Procedure

  1. Create a tenant named new_Tenant.
    curl -X POST \
      "$url/lcm/authzn/api/v2/idp/tenants/onboard/new_Tenant" \
      -H 'Authorization: Basic YWRtaW5AbG9jYWw6VGhpc0lzUGFzc3dvcmQ=' \
      -H 'Content-Type: application/json' \
      -d '{
        "migratePreludeOAuthClients": false,
        "vidmCludDto": {
          "email": "<tenant_admin_email>",
          "familyName": "<tenant_admin_family_name>",
          "givenName": "<tenant_admin_given_name>",
          "password": "<tenant_admin_password>",
          "userName": "<tenant_admin_username>"
        },
        "vidmDclDTO": {
          "adOverLdapDirectories": [
            {
              "directoryBindPassword": "<AD_password>",
              "directoryName": "<AD_name>"
            }
          ],
          "adWithIwaDirectories": [
            {
              "directoryBindPassword": "<AD_bind_password>",
              "directoryName": "<AD_name>",
              "domainAdminPassword": "<AD_admin_password>"
            }
          ]
        }
      }' | jq "."
    A snippet of the response provides a request ID that you can use to check the status of the request.
    {
      "requestId": "a0d8d8cd-ac87-4b5c-ba8b-7a0173c56b55"
    }
  2. Assign the variable for the requestId.
    requestId="a0d8d8cd-ac87-4b5c-ba8b-7a0173c56b55"
  3. Use the requestId to track your request.
    curl -X GET "$url/lcm/authzn/api/v2/idp/tenants/requests/$requestId" -H 'Authorization: Basic YWRtaW5AbG9jYWw6VGhpc0lzUGFzc3dvcmQ=' | jq "."
    After the request succeeds, the new tenant is created in VMware Identity Manager.

Example: How do I add a tenant that is associated with a product?

To create a tenant that is associated with a product so that it can use the services that the product provides, you make the request and include the productsToAssociateWith field that includes an environment ID and the product in the request.

The following example shows how to create a tenant named new_vRA_Tenant that is associated with vRealize Automation.
curl -X POST \
  "$url/lcm/authzn/api/v2/idp/tenants/onboard/new_vRA_Tenant" \
  -H 'Authorization: Basic YWRtaW5AbG9jYWw6VGhpc0lzUGFzc3dvcmQ=' \
  -H 'Content-Type: application/json' \
  -d '{
    "migratePreludeOAuthClients": true,
    "productsToAssociateWith": [
      {
        "environmentId": "cd6043b4-4848-4f57-90f9-90ab87274185",
        "productId": "vra"
      }
    ],
    "vidmCludDto": {
      "email": "frodo@example_company.com",
      "familyName": "Pepsidev56-157_last_name",
      "givenName": "Pepsidev56-157_first_name",
      "password": "S0mePassw0rd!",
      "userName": "Pepsidev56-157"
    },
    "vidmDclDTO": {
      "adOverLdapDirectories": [
        {
          "directoryBindPassword": "ADB!ind1_Passw0rd!",
          "directoryName": "AD_1"
        }
      ],
      "adWithIwaDirectories": [
        {
          "directoryBindPassword": "ADB!nd2_Passw0rd!",
          "directoryName": "AD_2",
          "domainAdminPassword": "AD_D0main_Passw0rd!"
        }
      ]
    }
  }' | jq "."
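
The request bodies above carry the tenant administrator password together with AD bind and domain admin passwords, so a script that logs the payload should mask those fields first. The following Python sketch is an added example, not VMware code: it builds both request variants from this page without sending anything and produces a redacted copy for logging. The function names, the `***` mask and the sample values are assumptions.

```python
import base64
import json
import urllib.request
from urllib.parse import quote

# Password-bearing field names taken from the request bodies on this page.
SECRET_KEYS = {"password", "directoryBindPassword", "domainAdminPassword"}

def build_body(admin, directories=None, environment_id=None, product_id="vra"):
    """Assemble the onboard payload; product association is optional."""
    # Mirrors the page's two requests: false when no product is attached yet.
    body = {"migratePreludeOAuthClients": environment_id is not None,
            "vidmCludDto": admin}
    if environment_id is not None:
        body["productsToAssociateWith"] = [
            {"environmentId": environment_id, "productId": product_id}]
    if directories:
        body["vidmDclDTO"] = directories
    return body

def build_request(base_url, tenant, body, user, password):
    """Return an unsent POST for the onboard endpoint (nothing is transmitted)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    url = f"{base_url}/lcm/authzn/api/v2/idp/tenants/onboard/{quote(tenant, safe='')}"
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"})

def redact(value):
    """Return a copy with every password field masked, safe to write to logs."""
    if isinstance(value, dict):
        return {k: "***" if k in SECRET_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

if __name__ == "__main__":
    # Constructed sample values; real secrets would come from a vault or prompt.
    admin = {"email": "admin@example.test", "familyName": "Doe",
             "givenName": "Jane", "password": "constructed-secret",
             "userName": "jdoe"}
    dirs = {"adWithIwaDirectories": [{"directoryName": "AD_2",
            "directoryBindPassword": "constructed-bind",
            "domainAdminPassword": "constructed-admin"}]}
    body = build_body(admin, dirs, environment_id="<environment_id>")
    print(json.dumps(redact(body), indent=2))
```

The Basic Authorization header is only base64-encoded credentials, so treat it as a secret in logs and shell history in the same way as the body fields.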

What to do next

Associate the tenant with a product. See Associate an existing tenant with vRealize Automation.