Connect to your Active Directory to import your users and groups into vRealize Automation using the Directories Management functionality.

About this task

Perform these steps for each of your tenants.

Prerequisites

Verify that you have access privileges to the Active Directory.

Procedure

  1. Log in to the vRealize Automation console, https://vra-appliance/vcac/org/tenant_name.
  2. Navigate to Administration > Directories Management > Directories.
  3. Click Add Directory.
  4. Enter your specific Active Directory account settings.
    • Non-Native Active Directories

    | Option | Sample Input |
    | --- | --- |
    | Directory Name | Enter a unique directory name. Select Active Directory over LDAP when using non-Native Active Directory. |
    | This Directory Supports DNS Services | Uncheck this option. |
    | Base DN | Enter the Distinguished Name (DN) of the starting point for directory server searches. For example, cn=users,dc=rainpole,dc=local. |
    | Bind DN | Enter the full distinguished name (DN), including common name (CN), of an Active Directory user account that has privileges to search for users. For example, cn=config_admin infra,cn=users,dc=rainpole,dc=local. |
    | Bind DN Password | Enter the Active Directory password for the account that can search for users. |

    • Native Active Directories

    | Option | Sample Input |
    | --- | --- |
    | Directory Name | Enter a unique directory name. Select Active Directory (Integrated Windows Authentication) when using Native Active Directory. |
    | Domain Name | Enter the name of the domain to join. |
    | Domain Admin Username | Enter the username for the domain admin. |
    | Domain Admin Password | Enter the password for the domain admin account. |
    | Bind User UPN | Enter the name of the user who can authenticate the domain. Use the email address format. |
    | Bind DN Password | Enter the Active Directory bind account password for the account that can search for users. |

  5. Click Test Connection to test the connection to the configured directory.
  6. Click Save & Next.

    The Select the Domains page with the list of domains appears.

  7. Accept the default domain setting and click Next.
  8. Verify that the attribute names are mapped to the correct Active Directory attributes and click Next.
  9. Select the groups and users you want to synchronize.
    1. Click the New icon.
    2. Enter the user domain and click Find Groups.

      For example, dc=vcac,dc=local.

    3. Click Select to select the groups you want to synchronize.
    4. Click Next.
    5. On the Select Users page, select the users you want to synchronize and click Next.
  10. Review the users and groups that are syncing to the directory and click Sync Directory.

    The directory synchronization process takes some time and it happens in the background.

  11. Navigate to Administration > Directories Management > Identity Providers and click on your new identity provider.

    For example, WorkspaceIDP__1.

  12. Scroll to the bottom of the page and update the value for the IdP Hostname property to point to the FQDN for the vRealize Automation load balancer.
  13. Click Save.
  14. Repeat steps 11-13 for each tenant and identity provider.

    After upgrading all vRealize Automation nodes, log in to each tenant and navigate again to Administration > Directories Management > Identity Providers. Each identity provider should have all vRealize Automation connectors added to it.

    For example, if your deployment has two vRealize Automation appliances, the identity provider should have two connectors added to it.
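
The Base DN and Bind DN values for the Active Directory over LDAP option in step 4 can be sanity-checked before they are typed into the form. The following Python sketch is an added example, not VMware code: the function names are hypothetical, and the rule that the bind account sits in the same domain as the Base DN is an assumption drawn from the sample values on this page.

```python
# Added example (not VMware code): pre-check Base DN and Bind DN for step 4.
# Multi-valued RDNs ("+") and quoted values are not handled.

def split_dn(dn):
    """Split a DN into (attr, value) pairs; a backslash-escaped comma stays in the value."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":                # unescaped comma ends the current RDN
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def dns_domain(rdns):
    """Join the dc= components into a DNS name, e.g. rainpole.local."""
    return ".".join(value.lower() for attr, value in rdns if attr == "dc")


def check_settings(base_dn, bind_dn):
    """Return a list of problems; an empty list means the values look consistent."""
    try:
        base, bind = split_dn(base_dn), split_dn(bind_dn)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not dns_domain(base):
        problems.append("Base DN has no dc= components")
    if bind[0][0] != "cn":
        problems.append("Bind DN must be the full DN, starting with the CN")
    if dns_domain(bind) != dns_domain(base):
        # Assumption: the bind account lives in the domain being searched.
        problems.append("Bind DN and Base DN are in different domains")
    return problems
```

An empty list from `check_settings` means the two values parse as DNs and agree on the domain; it does not confirm that the account exists or can search, which is what Test Connection in step 5 checks.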