Got IDM to sync the Desktop pools of our environment into the App Catalog, but it won't sync the entitlements with it. Looking through the sync status I see errors like this:
Failed Sync Action: Could not entitle group with Id e1d44a4e-824f-481a-9f7e-d7a3cda6eb08 to resource Windows 10 General Purpose. Reason: group.not.found
Seems really weird seeing as the AD security groups that are entitled to these pools are being synced into IDM fine.
Anyone else run into this issue?
We found that global entitlements to AD groups don't sync with IDM 2.6, 2.7, or 2.7.1. I opened a case with VMware and was provided a patch that resolves the issue. The appliance now shows as 2.7.1.1. The issue is supposed to be resolved in IDM 2.8.
Thanks for the update. That does appear to be what the issue is. As soon as I entitled the pool directly to a user it imported fine into IDM. Very strange that there is no published KB on this as that is a pretty big bug. Do you happen to have your SR number handy that I can pass along to VMware support on our SR for reference?
It was SR 16213711508. I don't know why there isn't a KB on this...as no one could be running this feature in production with this kind of bug.
Was having the same issue, I found if I add the groups that users are in to the directory config and then sync the view pools it works. No patch needed so far. Now if I could figure out how to log in using a UPN rather than username I'd be golden.
In our case the groups were configured to sync in the directory config. For regular pool entitlements, everything synced without issue. However, global entitlements wouldn't sync with IDM. VMware support confirmed it is a bug.
And I'm on it tonight lol, change the PasswordIdpAdapter SAML Name-Id Format to UserPrincipalName
Aww, good to know
I actually tried that method as well @chadc1979, and it actually did not work for me, even for a fresh install of the IDM appliance. Definitely seems flaky at best for the time being.
Found a workaround after upgrading to 2.8 and still having the issue. If I change the AD groups to a Universal security group versus a global security group it will sync the entitlement of the group in Identity Manager.