Workspace ONE Access (vIDM) authentication is failing in Aria Operations for Logs (vRLI)

Article ID: 407457

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Unable to log in to Aria Operations for Logs with Workspace ONE authentication.

 

Workspace ONE Access - Test Connection will show Succeeded, but Status will show DISCONNECTED. 

 

 

runtime.log may show a combination of the following error messages.

[com.vmware.loginsight.aaa.vidm.VIDMConnector] [Could not retrieve OAuth Access Token. hostname ..

 Authentication fails: wrong credential provided, or the user is not the tenant admin. :: {{ ..

Received unexpected response from Workspace ONE Access instance. Domain ..

{"result":"Workspace ONE Access authentication test failed."}

Could not set configuration for Workspace One Access integration token is incorrect or the user is not tenant admin and does not have permissions to create oauth2clients. .... User is not authorized to perform task.
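
A triage sketch for the messages above, added here as an example and not VMware's own tooling: it scans runtime.log lines for the signatures quoted in this article and separates those that name a missing admin role or permission from those that only report a failed call. The function names, labels and sample lines are assumptions constructed for illustration; pass the path to your runtime.log as the first argument.

```python
import re
import sys
from collections import Counter

# Signatures are the runtime.log fragments quoted in this article.
# "role": the message names a missing admin role or permission.
# "generic": the message only says the vIDM call failed.
SIGNATURES = [
    ("role", re.compile(r"not (the )?tenant admin", re.I)),
    ("role", re.compile(r"permissions to create oauth2clients", re.I)),
    ("role", re.compile(r"User is not authorized to perform task", re.I)),
    ("generic", re.compile(r"Could not retrieve OAuth Access Token", re.I)),
    ("generic", re.compile(r"Received unexpected response from Workspace ONE Access", re.I)),
    ("generic", re.compile(r"Workspace ONE Access authentication test failed", re.I)),
]

# Constructed sample lines (hypothetical prefixes, message text from this article).
SAMPLE = [
    "ERROR [com.vmware.loginsight.aaa.vidm.VIDMConnector] [Could not retrieve OAuth Access Token. hostname ...]",
    "ERROR Authentication fails: wrong credential provided, or the user is not the tenant admin. :: {{ ...",
    "ERROR Received unexpected response from Workspace ONE Access instance. Domain ...",
    "ERROR Could not set configuration for Workspace One Access integration token is incorrect "
    "or the user is not tenant admin and does not have permissions to create oauth2clients. "
    ".... User is not authorized to perform task.",
    "INFO unrelated line (constructed)",
]

def classify(line):
    """Return 'role', 'generic' or None for one log line."""
    labels = {label for label, rx in SIGNATURES if rx.search(line)}
    if "role" in labels:
        return "role"
    return "generic" if labels else None

def triage(lines):
    """Count matching lines and return (role_hits, generic_hits, verdict)."""
    counts = Counter(c for c in map(classify, lines) if c)
    if counts["role"]:
        verdict = "check the vIDM role of the integration account"
    elif counts["generic"]:
        verdict = "vIDM integration failing; no role message seen"
    else:
        verdict = "no vIDM integration errors found"
    return counts["role"], counts["generic"], verdict

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            print(triage(fh))
    else:
        print(triage(SAMPLE))
```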

 

Environment

VMware Aria Operations for Logs 8.18.x

Cause

The account used for the integration with vIDM was a normal user instead of a Domain Admin. The service account (the user or the group of users) needs to be assigned the Domain Admin role in vIDM, after which the integration must be reconfigured.

 

In the vIDM portal, the user in question may show the role User. It needs to be Admin.

Resolution

In the vIDM Identity Manager portal, use the Roles search bar to find the specific user or user group. Edit or add the user to a Directory Admin group. After that, reconfigure the Workspace ONE integration from the Log Insight Workspace ONE UI.

Additional Information

The following steps were attempted but did not resolve the issue:

  • SSL certificates have been re-validated on both the vRLI and vIDM instances.
  • All certificate dates are valid and indicate future dates.
  • All vRLI cluster nodes have been rebooted.
  • The vIDM appliance(s) have been rebooted.
  • The TrustStore has been rebuilt on all nodes.