April 18, 2024

VMware Cloud Director has a new feature, added in the 10.4.1 release, that gives you the flexibility to change Identity Providers as you choose, without losing the resources assigned to the users. VMware Cloud Director supports the Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML) and OpenID Connect (OIDC) protocols for authentication. You can switch between these protocols or migrate to a different identity provider with ease by remapping existing users to their identity in another Identity Provider. This blog demonstrates how to use the user management API to accomplish this.

Additionally, VMware Cloud Director has announced the deprecation of support for local users starting with the 10.4.1 release (release notes). VMware Cloud Director’s industry-compliant integrations with external Identity Providers give its customers the benefits of the most modern and secure authentication schemes. Customers can use features such as Two Factor Authentication/Multi Factor Authentication, biometric integrations, smart card integrations, etc. with VMware Cloud Director. It also helps customers stay up to date with all future developments in authentication technologies.

The following is an example of remapping a provider (local) user to a SAML identity provider federation. As of VMware Cloud Director 10.4.1, remapping a user is available only as an API feature. Thus, for all subsequent steps use an API client of your choice. In my examples below, I’m using Postman to perform the remapping.

Prerequisite: Ensure that the Identity Provider federation to which you want to remap the user is correctly configured.

  1. Log in to VMware Cloud Director as an administrator (tenant or system administrator) and identify the user you want to remap. Here, the user I’m remapping is ‘demouser’. This user is a local user.
  1. Log in using the API as the administrator, using either their credentials (local or LDAP), IDP-issued tokens (SAML or OAuth) or VMware Cloud Director’s API Token.
    API: POST “https://api_host/cloudapi/1.0.0/sessions”
  1. Retrieve the URN id of ‘demouser’ from the query users API.
    API: GET “https://api_host/cloudapi/1.0.0/users”
    Now, using this URN id, fetch the full information of the user. Refer to Get User for more insight on this API.
    API: GET “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:bafe9a31-1810-4108-8754-3ece52a4e963”
  1. Copy the full information of the user from the previous step and edit the following properties to use as the body of the subsequent PUT request.
    • Update the ‘username’ to reflect the user’s username in the new Identity Provider. While this example shows a distinct username being used, it’s possible to have simpler updates like switching from username to email address, etc.
    • Update the ‘providerType’ based on the type of the new Identity Provider. New values of ‘providerType’ can be OIDC, SAML, LOCAL, LDAP.

    Send the PUT request for the user to be remapped. Refer to update user for more insight on this API.
    API: PUT “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:bafe9a31-1810-4108-8754-3ece52a4e963”

The user ‘demouser’ has now been remapped to the tenant’s SAML identity provider and their username has been remapped to ‘[email protected]’.

Users can be remapped from one IDP federation to another using the same process. If you are remapping a user to the ‘LOCAL’ provider type, in addition to updating the provider type, update the password in the body of the PUT request.
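The GET, edit and PUT steps above, written as an added Python example (not from the original post and not VMware's code). It builds the PUT body from the fetched record, enforces the LOCAL password rule, and checks after the PUT that the user's URN and role references are unchanged. The sample record, the `password` and `roleEntityRefs` field names, the header values and the username `demouser@example.com` are assumptions or constructed values.

```python
import json
import urllib.request

PROVIDER_TYPES = {"OIDC", "SAML", "LOCAL", "LDAP"}  # values listed in the post

# Constructed sample of a fetched user record; real records carry more fields.
SAMPLE_USER = {
    "id": "urn:vcloud:user:bafe9a31-1810-4108-8754-3ece52a4e963",
    "username": "demouser",
    "providerType": "LOCAL",
    "roleEntityRefs": [{"name": "System Administrator", "id": "urn:vcloud:role:PLACEHOLDER"}],
    "enabled": True,
}

def build_remap_body(user, new_username, new_provider_type, password=None):
    """Copy the fetched record and change only the identity fields."""
    if new_provider_type not in PROVIDER_TYPES:
        raise ValueError(f"unsupported providerType: {new_provider_type!r}")
    if new_provider_type == "LOCAL" and not password:
        raise ValueError("remapping to LOCAL requires a password in the PUT body")
    body = json.loads(json.dumps(user))  # deep copy, fetched record stays intact
    body["username"] = new_username
    body["providerType"] = new_provider_type
    if new_provider_type == "LOCAL":
        body["password"] = password  # field name 'password' is an assumption
    return body

def entitlements_preserved(before, after, keys=("id", "roleEntityRefs")):
    """True when the user URN and role references are unchanged (assumed field names)."""
    return all(before.get(k) == after.get(k) for k in keys)

def remap_user(api_host, token, user_urn, new_username, new_provider_type, password=None):
    """GET the user, PUT the remapped record, then verify nothing else moved."""
    url = f"https://{api_host}/cloudapi/1.0.0/users/{user_urn}"
    headers = {  # header values are assumptions; match them to your API version
        "Accept": "application/json;version=37.1",
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    }
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
        user = json.load(resp)
    body = build_remap_body(user, new_username, new_provider_type, password)
    put = urllib.request.Request(url, data=json.dumps(body).encode(), headers=headers, method="PUT")
    with urllib.request.urlopen(put) as resp:
        updated = json.load(resp)
    if not entitlements_preserved(user, updated):
        raise RuntimeError("user id or roles changed during remap; review the account")
    return updated
```

`remap_user` expects the token obtained in the login step; only `build_remap_body` and `entitlements_preserved` run without a live VMware Cloud Director endpoint.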

In the next part of this blog series, we will remap a tenant user.

Check out all the latest enhancements in VMware Cloud Director 10.4.