Remap VMware Cloud Director™ users to new Identity Providers – Part 1: Provider users

VMware Cloud Director has a new feature, added in the 10.4.1 release, which provides the flexibility to change Identity Providers as per your choice and convenience, without losing the resources assigned to the users. VMware Cloud Director supports the Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML) and OpenID Connect (OIDC) protocols for authentication. You can switch between these protocols or migrate to a different identity provider with ease by remapping existing users to their identity in another Identity Provider. This blog demonstrates how to use the user management API to accomplish this.

Additionally, VMware Cloud Director has announced the deprecation of support for local users starting with the 10.4.1 release (release notes). VMware Cloud Director’s industry-compliant integrations with external Identity Providers offer the benefits of the most modern and secure authentication schemes to its customers. Customers can avail all the features such as Two Factor Authentication/Multi Factor Authentication, biometric integrations, smart card integrations, etc. with VMware Cloud Director. It also helps customers stay up to date with all future advancements in authentication technologies.

Following is an example of remapping a provider (local) user to a SAML identity provider federation. As of VMware Cloud Director 10.4.1, remapping a user is available only as an API feature. Thus, for all subsequent steps use an API client of your choice. In my examples below, I’m using Postman to perform the remapping.

Pre-requisite: Make sure that the Identity Provider federation to which you want to remap the user is correctly configured.

  1. Login to VMware Cloud Director as an administrator (tenant or system administrator) and identify the user you want to remap. Here, the user I’m remapping is ‘demouser’. This user is a local user.
  1. Login using the API as the administrator; either using their credentials (local or LDAP), IDP issued tokens (SAML or OAuth) or VMware Cloud Director’s API Token.
    API: POST “https://api_host/cloudapi/1.0.0/sessions”
  1. Retrieve the urn id of ‘demouser’ from the query users API.
    API: GET “https://api_host/cloudapi/1.0.0/users”
    Now, using this urn id, fetch the complete information of the user. Refer to Get User for more insight on this API.
    API: GET “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:bafe9a31-1810-4108-8754-3ece52a4e963”
  1. Copy the complete information of the user from the previous step and edit the following properties for use as the body of the subsequent PUT request.
    • Update the ‘username’ to reflect the user’s username in the new Identity Provider. While this example shows a distinct username being used, it’s possible to have simpler updates like switching from username to email address, etc.
    • Update the ‘providerType’ based on the type of the new Identity Provider. New values of ‘providerType’ could be OIDC, SAML, LOCAL, LDAP.

    Send the PUT request for the user to be remapped. Refer to update user for more insight on this API.
    API: PUT “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:bafe9a31-1810-4108-8754-3ece52a4e963”

The user ‘demouser’ has now been remapped to the tenant’s SAML identity provider and their username has been remapped to ‘[email protected]’.

Users can be remapped from one IDP federation to another using the same process. If you are remapping a user to the ‘LOCAL’ provider type, in addition to updating the provider type, update the password in the body of the PUT request.
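The body-editing step and the LOCAL password rule described above can be scripted so that only the intended fields change before the PUT is sent. This is an added example, not code from the original post or from VMware; the sample record, the new username, the ‘password’ key name and every field other than ‘username’ and ‘providerType’ are constructed assumptions.

```python
import copy

# providerType values listed in the post
PROVIDER_TYPES = {"OIDC", "SAML", "LOCAL", "LDAP"}


def build_remap_body(user, new_username, new_provider_type, password=None):
    """Return the PUT body: the GET record with only the remap fields changed."""
    if new_provider_type not in PROVIDER_TYPES:
        raise ValueError(f"unsupported providerType: {new_provider_type!r}")
    if not new_username:
        raise ValueError("new username must not be empty")
    if new_provider_type == "LOCAL" and not password:
        # The post requires a password when remapping to LOCAL.
        raise ValueError("remapping to LOCAL requires a password")
    body = copy.deepcopy(user)  # never mutate the record fetched with GET
    body["username"] = new_username
    body["providerType"] = new_provider_type
    if password:
        body["password"] = password  # key name is an assumption
    return body


def changed_fields(before, after):
    """Keys whose values differ; review this list before sending the PUT."""
    return sorted(k for k in before.keys() | after.keys()
                  if before.get(k) != after.get(k))


# Constructed sample of a GET user response. Apart from 'username' and
# 'providerType', the field names and values are assumptions for illustration.
SAMPLE_USER = {
    "id": "urn:vcloud:user:bafe9a31-1810-4108-8754-3ece52a4e963",
    "username": "demouser",
    "providerType": "LOCAL",
    "enabled": True,
    "roleEntityRefs": [{"name": "System Administrator",
                        "id": "urn:vcloud:role:EXAMPLE"}],
}

if __name__ == "__main__":
    body = build_remap_body(SAMPLE_USER, "demouser@idp.example", "SAML")
    print("fields changed:", changed_fields(SAMPLE_USER, body))
```

If the list of changed fields contains anything beyond the username, provider type and (for LOCAL) password, the body was edited more than the remap requires and the role or entitlement data should be rechecked before the request is sent.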

In the next part of this blog series, we’ll remap a tenant user.

Check out all the latest enhancements in VMware Cloud Director 10.4.