Within the earlier weblog we remapped a supplier (native) person to a SAML identification supplier federation. On this weblog we are going to remap a tenant (native) person to a SAML identification supplier federation.
As of VCD 10.4.1 remapping a person is obtainable solely as an API function. Thus, for all subsequent steps, use an API consumer of your alternative. In my examples under, I’m utilizing Postman to carry out remapping.
Pre-requisite: Make certain the Id Supplier federation to which you wish to remap person to is precisely configured.
- Login to VMware Cloud Director as an administrator (tenant or system administrator) and establish the person you wish to remap. Right here, the person I’m remapping is ‘testuser’. This person is an area person and owns one vApp named ‘Testuser vApp’ (as proven under).
- Login utilizing the API because the administrator; both utilizing their credentials (native or LDAP), IDP issued tokens (SAML or OAuth) or VCD’s API Token.
API: POST “https”//{api_host}/cloudapi/1.0.0/periods”
- Retrieve the urn id of ‘testuser’ from question customers API.
API: GET “https://{api_host}/cloudapi/1.0.0/customers”
Now, utilizing this urn id, fetch full info of the person. Consult with Get Person
API: GET “https://{api_host}/cloudapi/1.0.0/customers/urn:vcloud:person:746cf0d9-788b-4aef-9fba-76f2ce49d33c”
- Copy full info of the person from earlier step and edit following properties to be used as physique of the next PUT request.
- Replace the ‘username’ to replicate the person’s username within the new Id Supplier. Whereas this instance reveals a definite username getting used, it’s doable to have easier updates like switching from username to e-mail handle, and so on.
- Replace the ‘providerType’ primarily based on the kind of new Id Supplier. New values of ‘providerType’ could possibly be OAUTH, SAML, LOCAL, LDAP.
Ship PUT request for the person to be remapped. Consult with replace person for extra perception on this API.
API: PUT “https://{api_host}/cloudapi/1.0.0/customers/urn:vcloud:person:746cf0d9-788b-4aef-9fba-76f2ce49d33c”
The person ‘testuser’ has now been remapped to the tenant’s SAML identification supplier and its username has been remapped to ‘testuser@tenantorg.com’.
The remapped person can now login utilizing Single Signal On.
When logged in because the person after the change:
- The username proven in top-right nook is up to date to their new username
- The sources owned by this person stay unchanged.
Customers may be remapped from one IDP federation to a different utilizing the identical course of. If you’re remapping a person to ‘LOCAL’ supplier sort, along with updating the supplier sort replace password within the physique of PUT request.
Upcoming releases would come with enhanced functionalities for this function for a easy transition.
Yow will discover a demo video to remap a tenant person right here.
