You can authenticate users through Active Directory to simplify the log in process by letting users use a common password for multiple purposes.
Child domain access is not supported through Active Directory. This type of access is supported through VMware Identity Manager only.
Verify that you are logged in to the vRealize Log Insight web user interface as a user with the Edit Admin permission. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
- Click the configuration drop-down menu icon and select Administration.
- Under Configuration, click Authentication.
- Select Enable Active Directory support.
- In the Default Domain text box, type a domain name.
For example, company-name.com.Note: You cannot list multiple domains in the default domain text box. If the default domain that you specify is trusted by other domains, vRealize Log Insight uses the default domain and the binding user to verify AD users and groups in the trusting domains. Child-domain access with AD is unsupported.
If you switch to a different domain that already includes users and groups, the authentication fails for the existing users and groups, and data saved by the existing users is lost.
- If you have geo-located or security-restricted domain controllers, manually specify the domain controllers closest to this vRealize Log Insight instance.
Note: Load-balanced Active Directory authorization servers are not supported.
- Enter the credentials of a binding user that belongs to the default domain.
vRealize Log Insight uses the default domain and the binding user to verify AD users and groups in the default domain, and in domains that trust the default domain.
- Specify values for the connection type.
This connection is used for Active Directory authentication.
- Click Save.