You must have the manager Active Directory attributes configured in Workspace ONE Access VMware Identity Manager if you plan us use role-based approvers for approval policies in vRealize Automation Service Broker. To do this you must have permission to configure the VMware Identify Manager instance that you use with vRealize Automation.

This procedure primarily covers work that you perform outside of vRealize Automation. Links to relevant procedure are provided.

Prerequisites

  • Verify that you have administrator credentials in Workspace ONE Access and VMware Identity Manager.

Procedure

  1. In the VMware Identity Manager instance that you use with vRealize Automation, verify that your are integrating Active Directory with Identity Manager.
  2. Configure the user attributes.
    The basic steps are provided below. For more information, see Managing User Attributes that Sync from Active Directory.
    1. In Identity Manager, click your local administrator login and click Administration Console.
      Screenshot showing the Administration Console selected in the local admin settings.
    2. Select the Identity and Access Management tab and click Setup.
    3. Click User Attributes.
      Screenshot of the user attributes page with the values that are described in the next substeps.
    4. Verify that the following attributes exist in the Default Attributes section.
      • userName
      • email
      • firstName
      • LastName
      • phone
      • disabled
      • employeeID
      • distinguishedName
      • userPrincipalName
      • domain
    5. In the Add other attributes to use section add the following attribute.
      • manager
    6. Click Save.
  3. After you make any changes, you must synchronize the affected directories.
    1. Click Manage.
    2. Select the Directories tab.
    3. Open the directory by clicking the directory name and click Sync Settings.
      Screenshot of the Sync Settings > Mapped Attributes page with the manager attribute highlighted.
    4. Click Mapped Attributes and verify that the manager attribute is defined as manager.
    5. Click Save and Sync.
    6. Click Sync Directory.

Results

You can now use the AD Manager role in you approval policies.