Tenant administrators can configure tenant identity management and access control settings using the Directories Management options on the vRealize Automation application console.

You can manage the following settings from the Administration > Directories Management tab.

Table 1. Directories Management Settings

Setting

Description

Directories

The Directories page enables you to create and manage Active Directory links to support vRealize Automation tenant user authentication and authorization. You create one or more directories and then sync those directories with your Active Directory deployment. This page displays the number of groups and users that are synced to the directory and the last sync time. You can click Sync Now to manually start the directory sync.

See Using Directories Management to Create an Active Directory Link.

When you click a directory and then click the Sync Settings button, you can edit the sync settings, navigate to the Identity Providers page, and view the sync log.

From the directory's sync settings page, you can schedule the sync frequency, see the list of domains associated with this directory, change the mapped attributes list, update the list of users and groups that sync, and set the safeguard targets.

Connectors

The Connectors page lists deployed connectors for your enterprise network. A connector syncs user and group data between Active Directory and the Directories Management service and, when it is used as the identity provider, authenticates users to the service. Each vRealize Automation appliance contains a connector by default. See Managing Connectors and Connector Clusters.

User Attributes

The User Attributes page lists the default user attributes that sync in the directory. You can add other attributes and map them to Active Directory attributes. See Select Attributes to Sync with Directory.

Network Ranges

The Network Ranges page lists the network ranges that are configured for your system. You configure a network range to allow users access through those IP addresses. You can add network ranges and edit existing ranges. See Add or Edit a Network Range.

Identity Providers

The Identity Providers page lists identity providers that are available on your system. vRealize Automation systems contain a connector that serves as the default identity provider and that suffices for many user needs. You can add third-party identity provider instances or use a combination of both.

See Configure an Identity Provider Instance.

Policies

The Policies page lists the default access policy and any other web application access policies you created. A policy is a set of rules that specify criteria that must be met for users to access their application portals or to launch web applications that are enabled for them. The default policy should be suitable for most vRealize Automation deployments, but you can edit it if needed. See Manage the User Access Policy.