Resetting VMware Identity Manager Default Configuration Admin password

Products

VMware

Issue/Introduction

This article includes different alternatives to update the Default Configuration Admin password

Using an Email server
Via Rest API from Command Line Interface (CLI) and curl
Via Rest API using Postman

The VMware Identity Manager local user, Default Configuration Admin, is locked due to an incorrect password or it is required to change the password

Day 2 actions (upgrades, inventory sync, etc) VMware Aria Suite Lifecycle fails with the error LCMVIDM70000

Environment

VMware Identity Manager 3.3.x
VMware Identity Manager 2.x

Cause

The user has forgotten the password or it is locked
The Default Configuration Admin account is created by VMware Aria Suite Lifecycle (vRealize Suite Lifecycle Manager) with the Roles of Readonly Admin and Super Admin role, because of this the password reset is not possible from Horizon

Resolution

Prerequisite

Validate the Default Configuration Admin username in the globalenvironment in VMware Aria Suite Lifecycle 8.x (vRealize Suite Lifecycle Manager)

Procedures

This article includes different alternatives to update the Default Configuration Admin password

Using Email Server.
Via API from Command Line Interface (CLI) using curl commands
Via API using Postman

To reset the Default Configuration Admin password follow the next steps:

1. Using the Email Server

Login to the vIDM console using the admin user or an administrator
Add or validate you have an Email Server

Select User and Groups, then the Default Configuration Admin username and then click on Reset the password, the administrator email will receive the steps to reset the password
Please follow the steps indicated in the Next Steps section of this article

2. Via API from Command Line Interface (CLI) using curl commands

Obtain a Bearer Token from the UI:
1. Login to vIDM as admin
2. Open the client browser DevTools by pressing F12
Capture the Bearer Token by navigating to Application> Cookies > [htttps://vidm] > HZN
Obtain the Default Configuration Admin username id
1. Search in the vIDM UI the Default Configuration User and select it
2. Find and copy the username id from the URL of the browser
SSH to VMware Aria Suite Lifecycle or a Linux server in order to execute the curl commands
Run the command to update the password

curl -k --location --request PATCH 'https://ID1/SAAS/jersey/manager/api/scim/Users/ID4' \
--header 'Authorization: Bearer ID2' \
--header 'Content-Type: application/json' \
--data-raw '{"password":"ID5"}'

Considering:

ID1: vIDM FQDN
ID2: Cookie or Bearer Token obtained on step 2.2
ID4: Default Configuration Admin id obtained on step 3.2
ID5: new password value

Please follow the steps indicated in the Next Steps section of this article

3. Via API using Postman

Capture the Bearer token and Default Configuration Admin username ID following steps from 1 to 3
In Postman, select the plus sign to create a new request
Change the method to Patch
Add the following REST API: https://ID1/SAAS/jersey/manager/api/scim/Users/ID4

Where:
- ID1: vIDM FQDN.
- ID4: Default Configuration Admin id obtained on step 2.3

In the Params add the following parameters

Key: Accept Value: application/json
Key: Content-Type Value: application/json

Click on Authorization, in type select Bearer token.
Paste HZN value captured in step 2.2 in the Token field.
Click on Body, then select raw and JSON as format. Type the following
```
{ "password": "ID5" }
```