[VMC on AWS] Remove Stale JIT Users


Article ID: 334983


Products

VMware Cloud on AWS
VMware Cloud on Dell EMC

Issue/Introduction

This article provides a workaround to release stale JIT users from the VMC vCenter.

Symptoms:
An Identity Source was previously created (or still exists) in the VMC vCenter to allow JIT users access to the vCenter. After specific users are removed from the on-premises Active Directory, the JIT users still appear under the "Users and Groups" section of the VMC vCenter. When attempting to manually remove the stale JIT users, even when using cloudadmin, the "Delete" option is greyed out.

Resolution

Because these users cannot be removed manually, even when using cloudadmin, resync the Identity Source to try to release the stale JIT users. To do this, edit the current Identity Source, type in the password for the user, and click "Save". Once that is done, confirm whether the stale JIT users have been released from the Users and Groups section.
 
If the users are still visible after attempting the step above, please file a Support Request with VMC Global Support (Creating and managing Broadcom support cases) to manually remove the stale JIT users.

Please provide the below information when filing the Support Request:

  • SDDC ID
  • List of stale JIT users that must be removed



Additional Information

Impact/Risks:
There is no impact to the VMC vCenter or VMC Infrastructure.