Aria Automation Access Issue fails with "403 Error - It appears that you don’t have access to VMware vRealize Automation"

Article ID: 372115

Products

VMware Aria Suite, VMware vRealize Automation 8.x

Issue/Introduction

Users attempting to log in to Aria Automation with a domain account encounter a 403 error if they have not been granted a role in Identity and Access Management (IAM).

Environment

This issue occurs within environments where Aria Automation is integrated with vIDM (VMware Identity Manager) configured to use LDAP as a source.

Access attempts are made via the Aria Automation UI hosted at https://your_vRA_FQDN.

Cause

The root cause of the issue lies in the role-based access control configuration within Aria Automation.

When a user attempts to log in with a domain account before being assigned a role in IAM, the system denies access with a 403 error. This is because the user lacks the necessary permissions to access resources or perform actions within Aria Automation.

Resolution

To resolve this issue, follow these steps:

    1. When logging in to Aria Automation for the first time or after configuration changes, make sure to select the "System Domain" when prompted by vIDM. This ensures that initial administrative access is granted correctly.

    2. Use the configuration administrator credentials noted in vRSLCM (vRealize Suite Lifecycle Manager) under globalenvironment to log in initially. This user should have sufficient privileges to configure roles and permissions within vRA for users.

    3. Navigate to Identity and Access Management (IAM) within Aria Automation. Assign the appropriate roles to users from vIDM Workspace One.

    4. Ensure that users are assigned organization roles (Organization Owner, Organization Member), service roles (Cloud Assembly Administrator/User/Viewer, Service Broker Administrator/User/Viewer, Code Stream Administrator/User/Viewer), and project roles as needed.

Additional Information

  • The roles defined in Aria Automation (organization, service, and project roles) govern user access and permissions across different functionalities like Cloud Assembly, Service Broker, and Code Stream.
  • Understanding and properly configuring these roles is essential for effective user management and resource utilization within Aria Automation.
  • By following these steps, users should be able to log in successfully to Aria Automation without encountering a 403 error, provided they have been appropriately granted roles in Identity and Access Management (IAM).