When enabled by an administrator, VMware Identity Manager authentication can be used with vRealize Log Insight.
With VMware Identity Manager authentication, users can use a single sign-on for all VMware products that use the same Identity Manager.
Active Directory users can also authenticate through VMware Identity Manager when the Active Directory and VMware Identity Manager servers are synchronized. See VMware Identity Manager documentation for more information about synchronization.
Integration with VMware Identity Manager can be done only with local users. Active Directory users who are assigned a tenant admin role in VMware Identity Manager are not eligible for integration with vRealize Log Insight.
Verify that you are logged in to the vRealize Log Insight web user interface as a user with the Edit Admin permission. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
- Click the configuration drop-down menu icon and select Administration.
- Under Configuration, click Authentication.
- Select Enable Single Sign-On.
- In the Host text box, enter a host identifier for the VMware Identity Manager instance to use for authenticating users .
For example, company-name.vmwareidentity.com.
- In the API Port text box, specify the port to use to connect to the VMware Identity Manager instance. The default is 443.
- Optionally, enter the VMware Identity Manager tenant. This is required only if tenant mode is configured as tenant-in-path in VMware Identity Manager.
- Specify VMware Identity Manager user credentials in the Username and Password text boxes.
This information is used only once during configuration for creating a vRealize Log Insight client on VMware Identity Managerand is not stored locally in vRealize Log Insight. The user must have permission to run API commands against the tenant.
- Click Test Connection to verify that the connection works.
- In the Redirect URL Host drop-down menu, select the Hostname or IP to be used in Redirect URL for registering on VMware Identity Manager.
If at least one virtual IP is defined for the Integrated Load Balancer, VMware Identity Manager redirects to the VIP selected. If the Integrated Load Balancer is not configured, the master node's IP address is used instead.
- Select whether to allow log in support for Active Directory users through VMware Identity Manager.
You can use this option for Active Directory users when VMware Identity Manager is synchronized with that Active Directory instance.
- Click Save.