VMware Cloud Community
jimmytay
Contributor

How to Change Password for Local Users on vRealize Automation 7

Hi Guys,

Does anyone know where I can change the password for local users (for example, the tenant admins) created on vRealize Automation 7?

I understand that the password for these users (including administrator@vsphere.local) will expire 90 days after first creation. Is there any way to mark the password to not expire?

Thanks in advance!

JT

15 Replies
bdamian
Expert

Same problem here. I cannot figure out how to change a local user password or how to add a local user to a local group.

Anyone?

Thanks

---
Damián Bacalov
vExpert 2017-2023 (7 years)
https://www.linkedin.com/in/damianbacalov/
https://tecnologiaimasd.blogspot.com/
twitter @bdamian
bdamian
Expert

Sadly, I found the worst answer: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=21454...

D.

RanjnaAggarwal
VMware Employee

Try PowervRA. Remember, this is not a supported tool to change this password.

Regards, Ranjna Aggarwal
bdamian
Expert

Hi Ranjna,

Have you tried this? I have automated all processes in vRA 6.2 using the API, but in vRA 7.x all user-management-related calls don't work if you are using vIDM. If you change to SSO, all API calls start working again.

I don't want to change the configuration to use SSO in vRA 7.x. I suppose that, for the moment, embedded vIDM is NOT to be used.

D.

RanjnaAggarwal
VMware Employee

I tried this with 7.0... You can try this step by step (if it works, do let me know as well):

Virtualization The Future: Use PowervRA to Manage the VMware vRA 7.x

Regards, Ranjna Aggarwal
GrantOrchardVMw
Commander

To clarify... changing the password is supported, we just don't provide support for PowervRA. The API is there to do this, and if PowerShell is your weapon of choice then that is fine.

Grant http://grantorchard.com
Craig_G2
Hot Shot

Hey,

As Grant said, the functionality exists in the API; all that PowervRA is doing is consuming it. So if you wanted to go down that route, here is a link to the Set-vRAUserPrincipal docs: http://powervra.readthedocs.io/en/latest/Set-vRAUserPrincipal

🙂

bdamian
Expert

Hi Craig and Grant,

I cannot use PowervRA but I can use the API directly. I've seen the VMware vRealize Automation 7 Complete.json.postman_collection and I managed to get:

. all users of a tenant -> https://{{vra-fqdn}}/identity/api/authorization/tenants/{{tenantId}}/principals

. all groups of a tenant -> https://{{vra-fqdn}}/identity/api/tenants/{{tenantId}}/groups

But there is no information on how to do the following things:

. Change a user's password

. Update user's information

. Add user to a group (but it shows how to remove a user from a group)

. How to force AD data collection

Have you any proper documentation of the vRA 7 API you can show me? The online documentation is a little bit short.

As I've said before, I have a fully automated vRA 6.2 (SSO) environment and I'm having a hard time porting this to vRA 7 with vIDM (so are my clients).

Thanks a lot!

D.

Craig_G2
Hot Shot

You can modify a user by doing:

PUT /identity/api/tenants/{{tenant}}/principals/users@vsphere.local

with a body of

{
    "firstName": "user",
    "lastName": "user",
    "emailAddress": "userr@vsphere.local",
    "description": "userr",
    "locked": false,
    "disabled": false,
    "password": null,
    "principalId": {
        "domain": "vsphere.local",
        "name": "user"
    },
    "tenantName": "tenant",
    "name": "user"
}

You update the fields that you want to change then send the request.

Sync is done with another api...but you have to do some reverse engineering to get hold of all of the calls (not sure if it's supported)

/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/{{dirid}}/syncprofile/sync


/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/{{dirid}}/syncexecutions?pageSize=1&startIndex=0
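
The update described in the post above, as an added example that is not part of the original thread: it copies the existing principal record, changes only the password, builds the PUT request, and produces a log-safe summary with the secret masked. Assumptions: the host name, the `VRA_HOST`/`VRA_TOKEN` variable names, a bearer token obtained beforehand and sent in an `Authorization: Bearer` header, and that a non-null `password` value sets the new password (the post only shows `null`).

```python
import copy
import json
import urllib.parse
import urllib.request

# Constructed sample: the principal record shown in the post above.
CURRENT = {
    "firstName": "user", "lastName": "user",
    "emailAddress": "userr@vsphere.local", "description": "userr",
    "locked": False, "disabled": False, "password": None,
    "principalId": {"domain": "vsphere.local", "name": "user"},
    "tenantName": "tenant", "name": "user",
}

def build_password_update(host, principal, new_password, token):
    """Build (not send) the PUT that replaces the principal's password."""
    if not new_password:
        raise ValueError("refusing to send an empty password")
    body = copy.deepcopy(principal)      # leave the caller's record untouched
    body["password"] = new_password      # assumption: a non-null value sets it
    pid = body["principalId"]
    upn = urllib.parse.quote(f'{pid["name"]}@{pid["domain"]}', safe="@")
    tenant = urllib.parse.quote(body["tenantName"], safe="")
    return urllib.request.Request(
        f"https://{host}/identity/api/tenants/{tenant}/principals/{upn}",
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={
            "Authorization": f"Bearer {token}",  # assumption: token obtained earlier
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )

def redacted(req):
    """Summary that is safe to log: no password, no bearer token."""
    body = json.loads(req.data)
    body["password"] = "***"
    return {"method": req.get_method(), "url": req.full_url, "body": body}

if __name__ == "__main__":
    import getpass, os
    # VRA_HOST and VRA_TOKEN are hypothetical environment variable names.
    req = build_password_update(os.environ["VRA_HOST"], CURRENT,
                                getpass.getpass("New password: "),
                                os.environ["VRA_TOKEN"])
    print(redacted(req))
    with urllib.request.urlopen(req) as resp:  # default context verifies TLS
        print(resp.status)
```

Sending the unchanged `locked` and `disabled` values back with the new password avoids unlocking or re-enabling an account as a side effect of the reset.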

bdamian
Expert

Great Craig, thanks!

It will be really good to get the complete API documentation 🙂

Thanks a lot.

D.

Craig_G2
Hot Shot

Have you checked out this?

https://{{vra-appliance}}/component-registry/services/docs

It's fairly comprehensive; however, it doesn't have the vIDM stuff you are looking for.

Good luck 🙂

jmedd
Enthusiast

I noticed that the online API documentation seems to have improved for 7.1 over previous versions:

vRealize Automation 7.1 Information Center

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
bdamian
Expert

Thanks Jmedd, it is much better now. I will check it.

Thanks,

D.

bdamian
Expert

This is an overwhelming experience!

According to the docs (not all calls have an example):

/api/tenants/{tenantId}/groups/{groupId}

POST

Add users/groups to a parent group.

Adds a set of groups and users to a parent group. Each group and element must be already existing, otherwise the request will fail. This request will append the provided relations to the already existing ones.

But I get "Access Denied"!

Every step into vIDM integration in vRA7 is very hard. I'm running out of time. I guess that I need to wait for vRA 7.2.

D.

GrantOrchardVMw
Commander

bdamian, that doesn't work with "built-in" groups (such as vcoadmins). A new group will allow you to do this.

Grant http://grantorchard.com