Thursday, February 16, 2023

Remap VMware Cloud Director™️ users to new Identity Providers – Part 2: Tenant users


In the previous blog we remapped a provider (local) user to a SAML identity provider federation. In this blog we'll remap a tenant (local) user to a SAML identity provider federation.

As of VCD 10.4.1, remapping a user is available only as an API feature. Thus, for all subsequent steps, use an API client of your choice. In my examples below, I'm using Postman to perform the remapping.

Prerequisite: Ensure the Identity Provider federation to which you want to remap the user is correctly configured.

  1. Log in to VMware Cloud Director as an administrator (tenant or system administrator) and identify the user you want to remap. Here, the user I'm remapping is ‘testuser’. This user is a local user and owns one vApp named ‘Testuser vApp’ (as shown below).
  2. Log in using the API as the administrator, using either their credentials (local or LDAP), IDP-issued tokens (SAML or OAuth) or VCD's API Token.
    API: POST “https://{api_host}/cloudapi/1.0.0/sessions”
  3. Retrieve the URN id of ‘testuser’ from the query users API.
    API: GET “https://{api_host}/cloudapi/1.0.0/users”
    Now, using this URN id, fetch the full information of the user. Refer to Get User.
    API: GET “https://{api_host}/cloudapi/1.0.0/users/urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c”
  4. Copy the full information of the user from the previous step and edit the following properties, to be used as the body of the subsequent PUT request.
    • Update the ‘username’ to reflect the user's username in the new Identity Provider. While this example shows a distinct username being used, it's possible to have simpler updates like switching from username to email address, etc.
    • Update the ‘providerType’ based on the type of the new Identity Provider. New values of ‘providerType’ could be OAUTH, SAML, LOCAL, LDAP.

    Send the PUT request for the user to be remapped. Refer to Update User for more insight on this API.
    API: PUT “https://{api_host}/cloudapi/1.0.0/users/urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c”

The user ‘testuser’ has now been remapped to the tenant's SAML identity provider and its username has been remapped to ‘testuser@tenantorg.com’.


The remapped user can now log in using Single Sign-On.


When logged in as the user after the change:

  • The username shown in the top-right corner is updated to their new username.
  • The resources owned by this user remain unchanged.


Users can be remapped from one IDP federation to another using the same process. If you are remapping a user to the ‘LOCAL’ provider type, in addition to updating the provider type, update the password in the body of the PUT request.
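The GET, edit and PUT steps above can be scripted so that only the identity fields change and any other difference in the returned record is surfaced for review. This is an added example, not code from the original post or from VMware; the bearer token and API version are supplied by the caller, the ‘password’ field name is an assumption, and the sample record is constructed.

```python
import copy
import json
import urllib.request

PROVIDER_TYPES = {"OAUTH", "SAML", "LOCAL", "LDAP"}  # values listed in the post
IDENTITY_FIELDS = {"username", "providerType", "password"}

def build_remap_body(user, new_username, new_provider_type, password=None):
    """Copy the full user record and change only the identity fields."""
    if new_provider_type not in PROVIDER_TYPES:
        raise ValueError(f"unknown providerType: {new_provider_type!r}")
    if new_provider_type == "LOCAL" and not password:
        raise ValueError("remapping to LOCAL needs a password in the PUT body")
    body = copy.deepcopy(user)
    body["username"] = new_username
    body["providerType"] = new_provider_type
    if new_provider_type == "LOCAL":
        body["password"] = password  # assumed field name for the new password
    return body

def changed_fields(before, after):
    """Names of top-level fields that differ between two user records."""
    return sorted(k for k in before.keys() | after.keys() if before.get(k) != after.get(k))

def _call(method, url, token, api_version, body=None):
    req = urllib.request.Request(
        url, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": f"Bearer {token}",
                 "Accept": f"application/json;version={api_version}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def remap_user(api_host, token, api_version, user_urn, username, provider_type, password=None):
    """GET the user, PUT the edited copy, return (updated record, unexpected field changes)."""
    url = f"https://{api_host}/cloudapi/1.0.0/users/{user_urn}"
    current = _call("GET", url, token, api_version)
    body = build_remap_body(current, username, provider_type, password)
    updated = _call("PUT", url, token, api_version, body)
    # Anything outside the identity fields that changed (role, enabled, ...) deserves a look.
    return updated, sorted(set(changed_fields(current, updated)) - IDENTITY_FIELDS)

# Constructed sample record, not real API output; fields other than
# username and providerType are illustrative.
SAMPLE_USER = {
    "id": "urn:vcloud:user:00000000-0000-0000-0000-000000000000",
    "username": "testuser", "fullName": "Test User", "enabled": True,
    "providerType": "LOCAL",
    "roleEntityRefs": [{"name": "vApp User", "id": "urn:vcloud:role:placeholder"}],
}
```

Run `build_remap_body` and `changed_fields` against a saved copy of the user record before sending anything, so the change can be reviewed offline first.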

Upcoming releases will include enhanced functionality for this feature for a smooth transition.

You can find a demo video to remap a tenant user here.


