Before you import your users and groups to a high-availability vRealize Automation environment, you must connect to your Active Directory link.

  • Perform steps 1–8 for each tenant. If a tenant has more than one Active Directory, perform this procedure for each Active Directory that the tenant uses.

  • Repeat steps 9–10 for each identity provider associated with a tenant.


Prerequisites

  • Create an Administrator for Each Added Tenant.

  • Verify that you have access privileges to the Active Directory.

  • Log in to the tenanted target vRealize Automation console at with the tenant administrator user name and password.


Procedure

  1. Select Administration > Directories Management > Directories.
  2. Click the Add Directory icon (Add) and select Add Active Directory over LDAP/IWA.
  3. Enter your Active Directory account settings.
    • For Non-Native Active Directories

      | Option | Sample Input |
      | --- | --- |
      | Directory Name | Enter a unique directory name. Select Active Directory over LDAP when using Non-Native Active Directory. |
      | This Directory Supports DNS Service Location | Deselect this option. |
      | Base DN | Enter the distinguished name (DN) of the starting point for directory server searches. For example, cn=users,dc=rainpole,dc=local. |
      | Bind DN | Enter the full distinguished name (DN), including common name (CN), of an Active Directory user account that has privileges to search for users. For example, cn=config_admin infra,cn=users,dc=rainpole,dc=local. |
      | Bind DN Password | Enter the Active Directory password for the account that can search for users and click Test Connection to test the connection to the configured directory. |

    • For Native Active Directories

      | Option | Sample Input |
      | --- | --- |
      | Directory Name | Enter a unique directory name. Select Active Directory (Integrated Windows Authentication) when using Native Active Directory. |
      | Domain Name | Enter the name of the domain to join. |
      | Domain Admin Username | Enter the user name for the domain admin. |
      | Domain Admin Password | Enter the password for the domain admin account. |
      | Bind User UPN | Use the email address format to enter the name of the user who can authenticate with the domain. |
      | Bind DN Password | Enter the Active Directory bind account password for the account that can search for users. |

  4. Click Save & Next.

    The Select the Domains page displays the list of domains.

  5. Accept the default domain setting and click Next.
  6. Verify that the attribute names are mapped to the correct Active Directory attributes, and click Next.
  7. Select the groups and users to synchronize.
    1. Click the New icon (Add).
    2. Enter the user domain and click Find Groups.

      For example, enter dc=vcac,dc=local.

    3. To select the groups to synchronize, click Select and click Next.
    4. On the Select Users page, select the users to synchronize and click Next.

      Only add users and groups that are required to use vRealize Automation. Do not select Sync nested groups unless all of the groups in the nest are required to use vRealize Automation.

  8. Review the users and groups you are syncing to the directory, and click Sync Directory.

    The directory synchronization takes some time and runs in the background.

  9. Select Administration > Directories Management > Identity Providers, and click your new identity provider.

    For example, WorkspaceIDP__1.

  10. On the page for the identity provider that you selected, add a connector for each node.
    1. Follow the instructions for Add a Connector.
    2. Update the value for the IdP Hostname property to point to the fully qualified domain name (FQDN) for the vRealize Automation load balancer.
    3. Click Save.
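
The Base DN and Bind DN values that step 3 asks for under Active Directory over LDAP can be checked for consistency before you enter them. The following Python check is an added example, not VMware code: the function names are hypothetical, the sample values are the ones shown in step 3, and the parser assumes single-valued RDNs with backslash escapes only.

```python
def parse_dn(dn):
    """Split a DN into [(attr, value), ...]; a backslash-escaped comma stays in the value."""
    rdns, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]          # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":                # unescaped comma ends the current RDN
            rdns.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    rdns.append(buf)
    parsed = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn.strip()!r} (UPN or unescaped comma?)")
        parsed.append((attr.strip().lower(), value.strip()))
    return parsed

def domain_of(dn):
    """DNS-style domain built from the dc= components, e.g. rainpole.local."""
    return ".".join(v.lower() for a, v in parse_dn(dn) if a == "dc")

def check_directory_settings(base_dn, bind_dn):
    """Return a list of problems; an empty list means the two values are consistent."""
    try:
        base, bind = parse_dn(base_dn), parse_dn(bind_dn)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not any(attr == "dc" for attr, _ in base):
        problems.append("Base DN has no dc= components")
    if bind[0][0] != "cn":
        problems.append("Bind DN must start with the account's cn=")
    if domain_of(base_dn) != domain_of(bind_dn):
        problems.append("Bind DN and Base DN are in different domains")
    return problems

if __name__ == "__main__":
    base = "cn=users,dc=rainpole,dc=local"                         # Base DN from step 3
    bind = "cn=config_admin infra,cn=users,dc=rainpole,dc=local"   # Bind DN from step 3
    print(domain_of(base), check_directory_settings(base, bind) or "OK")
```

A UPN such as an email-format name is rejected here because the Bind DN field for Active Directory over LDAP expects a full DN; the email format belongs to the Bind User UPN field of the Integrated Windows Authentication option.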

What to do next

Run NSX Network and Security Inventory Data Collection in the Source vRealize Automation Environment.