Remap VMware Cloud Director™️ users to new Identity Providers – Part 2: Tenant users

In the previous blog we remapped a provider (local) user to a SAML identity provider federation. In this blog we will remap a tenant (local) user to a SAML identity provider federation.
As of VCD 10.4.1, remapping a user is available only as an API feature. Thus, for all subsequent steps, use an API client of your choice. In my examples below, I’m using Postman to perform the remapping.
Pre-requisite: Ensure that the Identity Provider federation to which you want to remap the user is correctly configured.
- Log in to VMware Cloud Director as an administrator (tenant or system administrator) and identify the user you want to remap. Here, the user I’m remapping is ‘testuser’. This user is a local user and owns one vApp named ‘Testuser vApp’ (as shown below).
- Log in using the API as the administrator, using either their credentials (local or LDAP), IDP-issued tokens (SAML or OAuth) or VCD’s API Token.
API: POST “https://api_host/cloudapi/1.0.0/sessions”
- Retrieve the urn id of ‘testuser’ from the query users API.
API: GET “https://api_host/cloudapi/1.0.0/users”
Now, using this urn id, fetch the full information of the user. Refer to Get User.
API: GET “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c”
- Copy the full information of the user from the previous step and edit the following properties for use as the body of the subsequent PUT request.
- Update the ‘username’ to reflect the user’s username in the new Identity Provider. While this example shows a different username being used, it’s possible to have simpler updates like switching from username to email address, etc.
- Update the ‘providerType’ based on the type of the new Identity Provider. New values of ‘providerType’ could be OAUTH, SAML, LOCAL, LDAP.
Send the PUT request for the user to be remapped. Refer to update user for more insight on this API.
API: PUT “https://api_host/cloudapi/1.0.0/users/urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c”
The user ‘testuser’ has now been remapped to the tenant’s SAML identity provider and its username has been remapped to ‘[email protected]’.
The remapped user can now log in using Single Sign On.
When logged in as the user after the change:
- The username shown in the top-right corner is updated to their new username.
- The resources owned by this user remain unchanged.
Users can be remapped from one IDP federation to another using the same process. If you are remapping a user to the ‘LOCAL’ provider type, in addition to updating the provider type, update the password in the body of the PUT request.
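The body-editing step and the LOCAL password rule above can be checked before the PUT is sent. The following is an added example, not code from the original post or from VMware: it derives the PUT body from the GET response and refuses to proceed if anything other than the identity fields changed. The sample record, the new username, the `password` key name and all function names are assumptions made for illustration.

```python
import copy

# providerType values listed in the post.
PROVIDER_TYPES = {"OAUTH", "SAML", "LOCAL", "LDAP"}
# Only these keys may differ between the GET response and the PUT body.
# The key name 'password' is an assumption; the post only says to update
# the password when remapping to LOCAL.
ALLOWED_CHANGES = {"username", "providerType", "password"}


def build_remap_body(current, new_username, provider_type, password=None):
    """Return the PUT body for a remap, derived from the GET user response."""
    if provider_type not in PROVIDER_TYPES:
        raise ValueError(f"unknown providerType: {provider_type!r}")
    if provider_type == "LOCAL" and not password:
        raise ValueError("remapping to LOCAL requires a password in the body")
    body = copy.deepcopy(current)  # never mutate the fetched record
    body["username"] = new_username
    body["providerType"] = provider_type
    if password is not None:
        body["password"] = password
    return body


def changed_fields(before, after):
    """Names of top-level fields that differ between two user records."""
    return {k for k in before.keys() | after.keys() if before.get(k) != after.get(k)}


def assert_only_identity_changed(before, after):
    """Catch accidental edits (role, enabled flag, id) made while editing the body."""
    unexpected = changed_fields(before, after) - ALLOWED_CHANGES
    if unexpected:
        raise ValueError(f"unexpected changes in PUT body: {sorted(unexpected)}")
    return True


# Constructed sample of a GET user response; keys other than 'username'
# and 'providerType' are illustrative assumptions.
SAMPLE_USER = {
    "id": "urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c",
    "username": "testuser",
    "providerType": "LOCAL",
    "enabled": True,
    "roleEntityRefs": [{"name": "vApp Author"}],
}

if __name__ == "__main__":
    body = build_remap_body(SAMPLE_USER, "testuser@idp.example", "SAML")
    assert_only_identity_changed(SAMPLE_USER, body)
    print(sorted(changed_fields(SAMPLE_USER, body)))
```

Running the same comparison against a fresh GET after the PUT confirms that role assignments and the enabled flag survived the remap.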
Upcoming releases will include enhanced functionality for this feature for a smooth transition.
You can find a demo video to remap a tenant user here.