The Connectors page lists deployed connectors for your enterprise network. A connector syncs user and group data between Active Directory and the Directories Management service, and when it is used as the identity provider, authenticates users to the service.
In vRealize Automation, each vRealize Automation appliance contains its own connector, and these connectors are suitable for most deployments.
When you associate a directory with a connector instance, the connector creates a partition for the associated directory called a worker. A connector instance can have multiple associated workers. Each worker acts as an identity provider. The connector syncs user and group data between Active Directory and the service through one or more workers. You define and configure authentication methods on a per worker basis.
You can manage various aspects of an Active Directory link from the Connectors page. This page contains a table and several buttons that enable you to complete various management tasks.
In the Worker column, select a worker to view the connector details and navigate to the Auth Adapters page to see the status of the available authentication methods. For information about authentication, see Integrating Alternative User Authentication Products with Directories Management.
In the Identity Provider column, select the IdP to view, edit or disable. See Configure an Identity Provider Instance.
In the Associated Directory column, access the directory associated with this worker.
Click Join Domain to join the connector to a specific Active Directory domain. For example when you configure Kerberos authentication, you must join the Active Directory domain either containing users or having trust relationship with the domains containing users.
When you configure a directory with an Integrated Windows Authentication Active Directory, the connector joins the domain according to the configuration details.
Connectors in a Clustered Environment
In a distributed, vRealize Automation deployment, all available connectors perform any required user authorization, while a single designated connector handles all configuration synchronization. Typically, synchronization would include additions, deletions, or changes to the user configuration, and synchronization occurs automatically as long as all connectors are available. There are some specific situations in which automatic synchronization may not occur.
For changes related to directory configuration, such as base dn, vRealize Automation attempts to automatically push updates to all connectors in a cluster. If a connector is inoperable or unreachable for some reason, that connector will not receive the update, even when it resumes online operation. To implement configuration changes to connectors that may not have received them automatically, system administrators must manually save the changes to all applicable connectors.
For directory sync profile related changes, vRealize Automation attempts to automatically push updates to all connectors as well. If the sync connector is operational, the update is saved and pushed to all available authorization connectors. If one or more connectors is unreachable, the system admin receives a warning indicating that not all connectors were updated. If the sync connector is inoperable, the update fails and an error occurs. If the system admin changes the connector designated as the sync connector, the new sync connector receives the latest available profile information, and this information is pushed to all applicable, and available, connectors.