vRealize Automation 7 (vRA 7) has a lot of enhancements and changes compared with vRA 6. There are plenty of introductions available on the internet. The initial configuration is different from vRA 6. I’m going to share my experience. You can easily build a lab or POC by following this post.
In the last step of the installation wizard, I don’t select the option to create initial content. The pre-built initial content somehow confused me. Once the installation is completed, log in with the administrator account. It has the same function as the SSO administrator account in vRA 6.
Edit the default tenant after logging in.
Add a new account in the Local users tab.
Search for the account and add it to both the tenant administrators and IaaS administrators roles in the Administrators tab.
Log out and log in with the new account.
Go to Administration -> Directories Management -> Directories and add a new directory.
The Active Directory (Integrated Windows Authentication) option does not work for me. It always gives me the error message below.
Connector communication failed because of invalid data: The specified Bind DN and password could not be used to successfully authenticate against the directory.
Go to the next page. Make sure you select the proper domain.
The next page shows the attribute mapping between VMware Identity Manager and Active Directory. You can keep the default settings unless you want to bring a special attribute from AD into VMware Identity Manager.
On the next page you can select the groups you want to sync from AD to VMware Identity Manager. Because vRealize Automation 7 retrieves credentials from VMware Identity Manager instead of directly from Active Directory, it’s better to select all groups you may want to use in vRA in the future.
For example, my domain groups are located in contoso.com/Customized/Groups/, so the group DN is OU=Groups,OU=Customized,DC=CONTOSO,DC=COM.
Click the Find Groups button after that. vRA shows you the groups it finds. Then click the More than xxxx link below to find and select groups if you want to sync particular groups, or just check the Select All option to sync all groups under the DN.
The following screenshot shows how to select a particular group after clicking the More than xxx option in the screenshot above.
The next page asks you to enter the DN that contains the domain accounts you want to sync, similar to the group DN.
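The group DN and user DN steps above both need a base DN derived from the container's path in the domain. The following is an added example, not part of the original post or of vRA: it converts a canonical path such as contoso.com/Customized/Groups/ into the DN form and escapes special characters per RFC 4514. The function names are hypothetical, and it assumes every container in the path is an OU unless told otherwise.

```python
import re

# Characters RFC 4514 requires to be backslash-escaped inside an RDN value.
_DN_SPECIALS = set(',+"\\<>;=')


def escape_rdn_value(value: str) -> str:
    """Escape one RDN value per RFC 4514 so it is safe inside a DN string."""
    out = []
    for i, ch in enumerate(value):
        first, last = i == 0, i == len(value) - 1
        if ch in _DN_SPECIALS or (first and ch in "# ") or (last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def canonical_to_dn(canonical: str, container_type: str = "OU") -> str:
    """Convert 'contoso.com/Customized/Groups/' to a base DN.

    Assumption: every container in the path is an OU. Built-in containers
    such as 'Users' are CN=, so pass container_type='CN' for those paths.
    """
    # Split on '/' but not on the escaped form '\/' that a canonical name
    # uses when a container name itself contains a slash.
    parts = [p.replace("\\/", "/")
             for p in re.split(r"(?<!\\)/", canonical.strip())]
    domain, containers = parts[0], [p for p in parts[1:] if p]
    if not domain or "." not in domain:
        raise ValueError("canonical name must start with a DNS domain name")
    # The DN lists the deepest container first, then the domain components.
    rdns = [f"{container_type}={escape_rdn_value(c)}"
            for c in reversed(containers)]
    # Upper-cased only to match the post's example; DNs are case-insensitive.
    rdns += [f"DC={label.upper()}" for label in domain.split(".")]
    return ",".join(rdns)


if __name__ == "__main__":
    print(canonical_to_dn("contoso.com/Customized/Groups/"))
```

A narrower base DN limits which groups and accounts are copied into VMware Identity Manager, so pointing it at a dedicated OU rather than the domain root keeps the sync scoped to what vRA needs.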
You may see the warning below if you are syncing a large Active Directory. Choose according to your situation.
Log out and log in again as Administrator@vsphere.local once the initial sync is completed.
Go to Tenants again to add domain groups or users to the Administrators group.
vRealize Automation 7 is now ready to go, with full administrator permission for the domain account.