VMware Cloud Community
dscottimw
Enthusiast
Enthusiast
Jump to solution

Orchestrator Security and Authentication

I have installed Orchestrator on a vm that is separate from my vCenter servers ( have several and some of them are linked).  When I did the install I set it up to use AD for authentication.  I assigned a group to which I am a member as the administrative group.  Now I want to grant access to another group so they can manage their own workflows etc.  They have rights in vCenter to manipulate vm's in a particular cluster.  They can login to vCenter with no issues and work with their vm's.  However when they attempt to login to the orchestrator client they are denied. 

I am using ESXi 5, vCenter 5 update 1, and Orchestrator 4.2.1 build 555.

Is there another place I'm suposed to set permissions for this group so they can be "users"?

Thanks

Dan

Dan Scotti
Reply
0 Kudos
1 Solution

Accepted Solutions
igaydajiev
VMware Employee
VMware Employee
Jump to solution

Not sure if you have already done it but you also need to specify the access rights for the new group in context of vCO.

Go to "My Orchestrator/Permissions" click "Add Access Rights" and search for the new group that you want to add.

Specify the Access Rights and click "Select".

vCOPermissions.png

You can also take a look here http://communities.vmware.com/message/1616865.

Hope this helps!

View solution in original post

Reply
0 Kudos
4 Replies
igorstoyanov
VMware Employee
VMware Employee
Jump to solution

It looks like you have setup admin group but have you set up a "Group Lookup Base" or a "User Lookup Base" as explained in the documentation:

http://pubs.vmware.com/vsphere-50/topic/com.vmware.vsphere.vco_install_config.doc_42/GUID344A8F13-5D...

Visit http://blogs.vmware.com/orchestrator for the latest in Cloud Orchestration.
dscottimw
Enthusiast
Enthusiast
Jump to solution

Thanks Igor for the reply.  I do have both a group base and user base configured.  I've had them since day one.  Any other thoughts?

Also I'm not using ssl or the global catalog.

Dan Scotti
Reply
0 Kudos
igaydajiev
VMware Employee
VMware Employee
Jump to solution

Not sure if you have already done it but you also need to specify the access rights for the new group in context of vCO.

Go to "My Orchestrator/Permissions" click "Add Access Rights" and search for the new group that you want to add.

Specify the Access Rights and click "Select".

vCOPermissions.png

You can also take a look here http://communities.vmware.com/message/1616865.

Hope this helps!

Reply
0 Kudos
dscottimw
Enthusiast
Enthusiast
Jump to solution

Thanks igaydajiev.   That was what I was missing.  I had added them under Authorizations not My Orchestator. 

Dan Scotti
Reply
0 Kudos