
How to Deploy VMware vRealize Suite in one day using vRLCM Part (3) Configure vIDM

After successfully deploying vIDM in the last blog, it is now time for the initial, essential configuration that prepares vIDM before the rest of the vRealize Suite products, which will integrate with it, are deployed.

1- Login and configure SMTP

Open the vIDM FQDN in any browser and log in with the System Domain admin user that was created during the installation process.

Next, open the Administration Console to start configuring vIDM.

Top right corner click on user name > Administration Console

Under the Appliance Settings tab, we can configure SMTP

2- Add AD as an identity provider

First, we need an Active Directory service account to join the vIDM connector to the domain.

The vIDM connector is the vIDM component that provides directory integration for user authentication and directory sync. Each connector is joined to exactly one domain (a 1-to-1 mapping). The vIDM appliance ships with an embedded connector; additional connectors can be deployed as a separate appliance or installed on a Windows machine.

In the Identity & Access Management tab > switch to Setup mode
Press Join
In the Join Domain wizard, enter the domain details. The Domain User must be just the user name (no domain prefix), as in the picture below.
My first attempt failed to join the domain due to insufficient permissions.

The service account needs delegated rights to create and delete computer objects in the Computers container (or in whichever OU the connector's computer account will live). Delegating just those two rights is enough; the account does not need to be a Domain Admin.

After the delegation, the connector successfully joined the domain.

Go back to Manage mode

In the Directories tab > Add Directory > Add Active Directory over LDAP/IWA
Enter a Directory Name and select Active Directory (Integrated Windows Authentication)
Here I used the service account created earlier for both the Domain Admin and the Bind User fields. The Bind User only needs read access to the directory, so a dedicated read-only account is the better choice if you can afford a second account.
Once connected successfully, you can choose the domains to sync (useful if you have multiple domains in your AD forest).
Map User Attributes: only change these if you have created custom AD attributes.
I created an AD group so that a set of users can be synced in bulk; the group is referenced by its distinguished name (to get the DN, open ADSI Edit, navigate to the group, right-click and open Properties).
I have not selected any individual users to sync, so we can now sync the directory.
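The two AD-side prerequisites above (delegating computer-object rights to the connector's service account, and looking up the sync group's DN) can be done from PowerShell instead of the GUI and ADSI Edit. The following is an added example, not code from the original post or from VMware; the domain, the service account name svc-vidm and the group name vIDM-Users are hypothetical. Run it on a domain-joined Windows machine with the RSAT ActiveDirectory module, as a user allowed to modify the Computers container's ACL.

```powershell
# Added example: prepare AD for the vIDM connector join and directory sync.
# Assumptions (hypothetical): service account 'svc-vidm', sync group 'vIDM-Users'.
Import-Module ActiveDirectory

$ServiceAccount = 'svc-vidm'      # hypothetical name of the connector service account
$SyncGroup      = 'vIDM-Users'    # hypothetical name of the group synced into vIDM

# Where the connector's computer object will be created, e.g. CN=Computers,DC=corp,DC=local
$ComputersDN = (Get-ADDomain).ComputersContainer
$Target      = "AD:\$ComputersDN"

# schemaIDGUID of the 'computer' object class: limits the grant to computer objects only,
# so the account cannot create or delete users, groups or OUs in the container.
$ComputerClassGuid = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

$Sid = (Get-ADUser -Identity $ServiceAccount).SID
$acl = Get-Acl -Path $Target

# Least privilege: CreateChild + DeleteChild on computer objects, nothing more.
# This is what the connector needs to join (and re-join) the domain.
$Rights = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'
$Ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $Sid,
    $Rights,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $ComputerClassGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
$acl.AddAccessRule($Ace)
Set-Acl -Path $Target -AclObject $acl

# Verify the ACE is present before retrying the Join in the vIDM wizard.
(Get-Acl -Path $Target).Access |
    Where-Object { $_.IdentityReference -like "*\$ServiceAccount" } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, AccessControlType

# Group DN for the vIDM "Select the Groups" step (same value ADSI Edit shows).
$Group = Get-ADGroup -Identity $SyncGroup
$Group.DistinguishedName

# Count of user members: a large jump relative to what vIDM already holds is what
# trips the sync safeguards later, so it is worth knowing the number up front.
(Get-ADGroupMember -Identity $Group -Recursive | Where-Object objectClass -eq 'user').Count
```

The equivalent one-liner with the built-in tool is `dsacls "$ComputersDN" /G "DOMAIN\svc-vidm:CCDC;computer"` (CC = create child, DC = delete child, restricted to the computer class); `dsacls "$ComputersDN"` alone dumps the resulting ACL for inspection.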

After the sync, the group appears but the count of synced users is zero.
Checking the group in the Users and Groups tab confirms that the group object synced but its members did not.
Select the group > Sync Users button
The users are now ready to sync, but the built-in safeguard rules block the sync because it changes more than 5% of the directory.

You can either ignore the safeguard manually for this one sync, or change the sync settings.

Identity & Access Management tab > Directories > select the directory > Sync Settings
Change Sync Frequency to "once per day" instead of "once per week"
Change the Safeguards settings as follows

The group's users are synced now and you can log in with an AD user.

vIDM custom branding

Here we will customize the user login experience with the company's name and logo.

Custom Branding is located in the Setup mode of the Identity & Access Management tab.

Here I changed the web browser title to "CloudWhales | Identity Manager" (company name | product name).

The logo can also be changed, but I opted not to change it.

The next tab is the Sign-in Screen logo.

Now we can check the login experience after switching to the custom branding.

System domain login
AD login

Next up is deploying the rest of the vRealize Suite products, starting with vRealize Automation.

Written by,

Amr Abdelshafi
