Hi Guys,
Anyone know where can I change password for local users (example: the tenant admins) created on vRealize Automation 7?
Understand that the password for these users (including administrator@vsphere.local) will expired in 90 days after first creation, any way to marked password to not expired?
Thanks in advanced!
JT
Same problem here. I can not figure out how to change a local user password or how to add a local user to a local group.
Anyone?
Thanks
Sadly, I found the worst answer: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=21454...
D.
Try PowerVRA. Remember this is not supported tool to change this password.
Hi Rangjna,
Have you tried this? I have automated all processes in vRA 6.2 using the API but in vRA 7.x all user management related calls doesn't work if you are using vIDM. If you change to SSO, all API calls start working again.
I don't want to change the configuration to use SSO in vRA7.x. I suppose that, for the moment, embedded vIDM is NOT to use.
D.
I tried this with 7.0....you can try this step by step (If it works, do let me know as well)
Virtualization The Future: Use PowervRA to Manage the VMware vRA 7.x
To clarify... changing the password is supported, we just don't provide support for PowervRA. The API is there to do this, and if Powershell is your weapon of choice then that is fine.
Hey,
As Grant said - the functionality exists in the API, all that PowervRA is doing is comsuming it. So if you wanted to go down that route, here is a link to the Set-vRAUserPrincipal docs: http://powervra.readthedocs.io/en/latest/Set-vRAUserPrincipal
🙂
Hi Craig and Grant,
I cannot use PowervRA but I can use the API directly. I've seen the VMware vRealize Automation 7 Complete.json.postman_collection and I managed to get:
. all users of a tenant -> https://{{vra-fqdn}}/identity/api/authorization/tenants/{{tenantId}}/principals
. all groups of a tenant -> https://{{vra-fqdn}}/identity/api/tenants/{{tenantId}}/groups
But there is no information of how to do the following things:
. Change a user's password
. Update user's information
. Add user to a group (but it shows how to remove a user from a group)
. How to force AD data collection
Have you any proper documentation of the vRA 7 API you can show me? The online documentation is a little bit short.
As I've said before, I have a fully automated vRA 6.2 (SSO) environment and I'm having a hard time to port this to vRA 7 with vIDM (so my clients).
Thanks a lot!
D.
You can modify a user by doing:
PUT /identity/api/tenants/{{tenant}}/principals/users@vsphere.local
with a body of
{
"firstName": "user",
"lastName": "user",
"emailAddress": "userr@vsphere.local",
"description": "userr",
"locked": false,
"disabled": false,
"password": null,
"principalId": {
"domain": "vsphere.local",
"name": "user"
},
"tenantName": "tenant",
"name": "user"
}
You update the fields that you want to change then send the request.
Sync is done with another api...but you have to do some reverse engineering to get hold of all of the calls (not sure if it's supported)
/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/{{dirid}}/syncprofile/sync
/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/{{dirid}}/syncexecutions?pageSize=1&startIndex=0
Great Craig, thanks!
It will be really good to get the complete API documentation
Thanks a lot.
D.
Have you checked out this?
https://{{vra-appliance}}/component-registry/services/docs
It's fairly comprehensive however doesn't have the vIDM stuff you are looking for.
Good luck 🙂
I noticed that the online API documentation seems to have improved for 7.1 over previous versions:
vRealize Automation 7.1 Information Center
Thanks Jmedd, it is much better now. I will check it.
Thanks,
D.
This is an overwhelming experience!
According to the docs (not all calls has an example):
/api/tenants/{tenantId}/groups/{groupId}
POST
Add users/grops to a parent group.
Adds a set of groups and users to a parent group. Each group and element must be already existing, otherwise the request will fail. This request will append the provided relations to the already existing ones.
But I get "Access Denied"!
Every step into vIDM integration in vRA7 is very hard. I'm running out of time. I guess that I need to wait for vRA 7.2.
D.
bdamian that doesn't work with "built-in" groups (such as vcoadmins). A new group will allow you to do this.