When activated, VMware Identity Manager authentication can be used with vRealize Log Insight.
With VMware Identity Manager authentication, users can use a single sign-on for all VMware products that use the same Identity Manager.
Active Directory users can also authenticate through VMware Identity Manager when the Active Directory and VMware Identity Manager servers are synchronized. See VMware Identity Manager documentation for more information about synchronization.
Integration with VMware Identity Manager can be done only with local users. Active Directory users who are assigned a tenant admin role in VMware Identity Manager are not eligible for integration with vRealize Log Insight.
Prerequisites
Verify that you are logged in to the vRealize Log Insight web user interface as a Super Admin user, or a user associated with a role that has the relevant permissions. See Create and Modify Roles for more information. The URL format of the web user interface is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
Procedure
- Expand the main menu and navigate to Configuration > Authentication.
- Select Enable Single Sign-On.
- In the Host text box, enter a host identifier for the VMware Identity Manager instance to use for authenticating users.
For example, company-name.vmwareidentity.com.
- In the API Port text box, specify the port to use to connect to the VMware Identity Manager instance. The default is 443.
- Optionally, enter the VMware Identity Manager tenant. This is required only if tenant mode is configured as tenant-in-path in VMware Identity Manager.
- Specify VMware Identity Manager user credentials in the Username and Password text boxes.
This information is used only once during configuration for creating a vRealize Log Insight client on VMware Identity Manager and is not stored locally in vRealize Log Insight. The user must have permission to run API commands against the tenant.
- Click Test Connection to verify that the connection works.
- If the VMware Identity Manager instance provides an untrusted SSL certificate, a dialog box appears with the details of the certificate. Click Accept to add the certificate to the truststores of all the nodes in the vRealize Log Insight cluster.
If you click Cancel, the certificate is not added to the truststores and the connection with the VMware Identity Manager instance fails. You must accept the certificate for a successful connection.
- In the Redirect URL Host drop-down menu, select the host name or IP address to use in the redirect URL that is registered on VMware Identity Manager.
If at least one virtual IP is defined for the Integrated Load Balancer, VMware Identity Manager redirects to the VIP selected. If the Integrated Load Balancer is not configured, the primary node's IP address is used instead.
- Select whether to allow login support for Active Directory users through VMware Identity Manager.
You can use this option for Active Directory users when VMware Identity Manager is synchronized with that Active Directory instance.
- Click Save.
If you did not test the connection and the VMware Identity Manager instance provides an untrusted certificate, follow the instructions in step 9.
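Accepting an untrusted certificate adds it to the truststores of every node in the cluster, so it is worth confirming first that the certificate presented is the one the VMware Identity Manager administrator expects. The following is an added example, not part of the VMware documentation or product: it fetches the certificate a host presents and compares its SHA-256 fingerprint with a value obtained out of band. The function names, the sample bytes, and the assumption that a SHA-256 fingerprint is the value you compare are all illustrative.

```python
import hashlib
import hmac
import re
import ssl
import sys

# Constructed sample bytes (not a real certificate), used only to exercise
# the comparison logic offline.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def sha256_fingerprint(pem_cert: str) -> str:
    """Return the SHA-256 fingerprint of a PEM certificate as AA:BB:... hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Drop colons/whitespace and case so pasted values compare cleanly."""
    cleaned = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def matches_pinned(pem_cert: str, expected_fingerprint: str) -> bool:
    """True only if the certificate hashes to the out-of-band fingerprint."""
    actual = normalize(sha256_fingerprint(pem_cert))
    return hmac.compare_digest(actual, normalize(expected_fingerprint))


def fetch_presented_cert(host: str, port: int = 443) -> str:
    """Fetch the leaf certificate the server presents, without validating it."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    # Usage: script.py <identity-manager-host> <expected-fingerprint> [port]
    host, expected = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 443
    pem = fetch_presented_cert(host, port)
    print("presented:", sha256_fingerprint(pem))
    ok = matches_pinned(pem, expected)
    print("MATCH" if ok else "MISMATCH: do not accept the certificate")
    sys.exit(0 if ok else 1)
```

Run it from a host that reaches VMware Identity Manager over the same network path as the Log Insight nodes; a mismatch is a reason to stop and check with the Identity Manager administrator before clicking Accept.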