vRealize Automation uses VMware Workspace ONE Access, the VMware-supplied identity management application, to import and manage users and groups. After users and groups are imported or created, you can manage the role assignments for single-tenant deployments using the Identity & Access Management page.

vRealize Automation is installed using VMware Lifecycle Manager (vRSLCM or LCM). When installing vRealize Automation you must import an existing Workspace ONE Access instance, or deploy a new one to support identity management. These two scenarios define your management options.

  • If you deploy a new Workspace ONE Access instance, you can manage users and groups via LCM. During installation, you can set up an Active Directory connection using Workspace ONE Access. Alternatively, you can view and edit some aspects of users and groups within vRealize Automation using the Identity & Access Management page as described herein.
  • If you use an existing Workspace ONE Access instance, you import it for use with vRealize Automation via LCM during installation. In this case, you can continue to use Workspace ONE Access to manage users and groups, or you can use the management functions in LCM.

See Logging in to tenants and adding users in vRealize Automation for more information about managing users under a multi-organization deployment.

vRealize Automation users must be assigned roles. Roles define access to features within the application. When vRealize Automation is installed with a Workspace ONE Access instance, a default organization is created and the installer is assigned the Organization Owner role. All other vRealize Automation roles are assigned by the Organization Owner.

There are three types of roles in vRealize Automation: organization roles, service roles, and project roles. For vRealize Automation Cloud Assembly, Service Broker, and Code Stream, user-level roles can typically use resources, while admin-level roles are required to create and configure resources. Organization roles define permissions within the tenant: Organization Owners have admin-level permissions, while Organization Members have user-level permissions. Organization Owners can add and manage other users.

Organization Roles
  • Organization Owner
  • Organization Member

Service Roles
  • Cloud Assembly Administrator
  • Cloud Assembly User
  • Cloud Assembly Viewer
  • Service Broker Administrator
  • Service Broker User
  • Service Broker Viewer
  • Code Stream Administrator
  • Code Stream User
  • Code Stream Viewer

In addition, there are two main project-level roles not shown in the table: Project Administrator and Project User. These roles are assigned ad hoc on a per-project basis with Cloud Assembly. They are somewhat fluid: the same user can be an administrator on one project and a user on another project. For more information, see What are the vRealize Automation user roles.

For more information about working with LCM and Workspace ONE Access, see User Management with VMware Identity Manager.