You can authenticate users through Active Directory to simplify the login process by letting users use a common password for multiple purposes.
Child domain access is not supported through Active Directory. This type of access is supported through VMware Identity Manager only.
Prerequisites
Verify that you are logged in to the vRealize Log Insight web user interface as a Super Admin user, or a user associated with a role that has the relevant permissions. See Create and Modify Roles for more information. The URL format of the web user interface is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
Procedure
- Navigate to the Administration tab.
- Under Configuration, click Authentication.
- Select Enable Active Directory support.
- In the Default Domain text box, type a domain name.
For example, company-name.com.
Note: You cannot list multiple domains in the default domain text box. If the default domain that you specify is trusted by other domains, vRealize Log Insight uses the default domain and the binding user to verify Active Directory users and groups in the trusting domains. Child-domain access with Active Directory is unsupported.
If you switch to a different domain that already includes users and groups, the authentication fails for the existing users and groups, and data saved by the existing users is lost.
- If you have geo-located or security-restricted domain controllers, manually specify the domain controllers closest to this vRealize Log Insight instance.
Note: Load-balanced Active Directory authorization servers are not supported.
- Enter the credentials of a binding user that belongs to the default domain.
vRealize Log Insight uses the default domain and the binding user to verify AD users and groups in the default domain, and in domains that trust the default domain.
- Specify values for the connection type.
This connection is used for Active Directory authentication.
- Click Test Connection to verify that the connection works.
- If the Active Directory server provides an untrusted SSL certificate, a dialog box appears with the details of the certificate. Click Accept to add the certificate to the truststores of all the nodes in the vRealize Log Insight cluster.
If you click Cancel, the certificate is not added to the truststores and the connection with the Active Directory server fails. You must accept the certificate for a successful connection.
- Click Save.
If you did not test the connection and the Active Directory server provides an untrusted certificate, follow the instructions in step 9 to accept the certificate.
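Accepting an untrusted certificate adds it to the truststores of every node in the cluster, so it is worth confirming that the certificate is the one your Active Directory administrators issued before you click Accept. The following script is an added example, not part of the vRealize Log Insight documentation or product. It assumes that the domain controller serves LDAP over SSL on port 636 and that you obtained the expected SHA-256 fingerprint out of band; the script name and function names are illustrative.

```python
"""Added example: compare an AD server certificate fingerprint before accepting it."""
import hashlib
import hmac
import socket
import ssl
import sys


def fingerprint_sha256(der: bytes) -> str:
    """SHA-256 of the DER certificate as upper-case, colon-separated hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Drop separators and case so differently formatted fingerprints compare."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def matches(der: bytes, expected: str) -> bool:
    """True only if the certificate hashes to the fingerprint obtained out of band."""
    actual = normalize(fingerprint_sha256(der)).encode()
    return hmac.compare_digest(actual, normalize(expected).encode())


def fetch_der(host: str, port: int = 636, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate the server presents, without trusting it.

    Validation is off on purpose: the certificate is untrusted by definition
    here and is only hashed; no credentials or data are sent over this socket.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_fp.py <domain-controller> <expected-sha256>")
    der = fetch_der(sys.argv[1])  # port 636 (LDAPS) is an assumption
    print("presented:", fingerprint_sha256(der))
    ok = matches(der, sys.argv[2])
    print("MATCH" if ok else "MISMATCH: do not click Accept")
    sys.exit(0 if ok else 1)
```

Run it from a host on the same network path as the vRealize Log Insight appliance, so that it reaches the same domain controller the appliance will use.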
What to do next
Give permissions to Active Directory users and groups to access the current instance of vRealize Log Insight.