The VCF Automation Provider Organization can be configured to use the new VCF Single Sign-On (SSO) feature, which is a capability of VCF Operations and utilizes a deployment of vIDB.
While you can connect the VCFA Provider Organization directly to an external IDP, using VCF SSO lets administrators log in seamlessly to all VCF management components, provided the user has the necessary permissions within each component.
VCF Automation 9.x
Step 1 - Ensure VCF SSO has already been configured and enabled for the VCF Automation instance within VCF Operations.
Step 2 - Create a new VCF Automation Organization in the provider portal and then launch the newly created organization portal.
Navigate to Administer->Connections->
Step 3 - Log in to VCF Operations (VCFOps), navigate to Fleet Management->Identity & Access->VCF Other Components and create a new client.
Provide a friendly name for the client and enter the OIDC Client Redirect URL from the previous step, then click on Generate OIDC Client. Make a note of the Identity Broker Issuer URL, Client ID and Client Secret, then click on the Save button to complete the wizard.
Step 4 - Log in to the VCF Automation Organization portal, navigate to Administer->Connections->Identity Providers and click on the Configure button to begin the setup.
Enter the OIDC Client ID/Secret from Step 3, and enter the Identity Broker Issuer URL as the IDP Well-Known address with /.well-known/openid-configuration appended to the end.
In the example below, the vIDB Issuer URL is https://VCFA_HOSTNAME/acs/t/CUSTOMER, so the final URL is https://VCFA_HOSTNAME/acs/t/CUSTOMER/.well-known/openid-configuration, as shown in the screenshot below.
Use the defaults for the remaining sections. In the Claims Mapping section, change the Subject to use the value acct (Account), leave the rest as defaults and complete the configuration.
Step 5 - Import users or groups into the VCF Organization via Administer > Access Control. Specify individual users or groups using the fully qualified domain name (e.g., [email protected]).
Step 6 - Open an incognito window and navigate to the VCF Automation instance. Specify the target organization. On the OIDC login page, click 'Login'; you will be redirected automatically to the Provider Organization's configured IDP.
Step 7 - Verify that the login succeeds after the configuration.
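Before pasting the Well-Known address into Step 4, it is worth fetching the discovery document and checking it against the Issuer URL noted in Step 3: OIDC requires the document's issuer value to match the URL it was served from, and a trailing slash on the pasted issuer produces a broken //.well-known path. The script below is an added example, not part of the article or the VCF product; the ISSUER_URL placeholder and SAMPLE_DISCOVERY document are constructed for illustration, not captured from vIDB.

```python
"""Check a VCF SSO (vIDB) OIDC discovery document before configuring VCF Automation.
Added example, not product code. ISSUER_URL and SAMPLE_DISCOVERY are constructed."""
import json
from urllib.parse import urlparse

ISSUER_URL = "https://VCFA_HOSTNAME/acs/t/CUSTOMER"  # placeholder from the article
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint",
                 "jwks_uri", "response_types_supported")


def well_known_url(issuer: str) -> str:
    """Build the IDP Well-Known address from the Identity Broker Issuer URL.
    rstrip('/') avoids '//.well-known' when the issuer was pasted with a trailing slash."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def validate_discovery(issuer: str, doc: dict) -> list:
    """Return a list of problems found in the discovery document (empty list = OK)."""
    problems = []
    for key in REQUIRED_KEYS:
        if key not in doc:
            problems.append(f"missing field: {key}")
    # The issuer in the document must match the issuer it was fetched for; a mismatch
    # means ID tokens will be rejected by the relying party (or issued by the wrong authority).
    if "issuer" in doc and doc["issuer"].rstrip("/") != issuer.rstrip("/"):
        problems.append(f"issuer mismatch: {doc['issuer']!r} != {issuer!r}")
    # Every endpoint the broker advertises must be https, or codes/tokens travel in clear.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key, "")
        if url and urlparse(url).scheme != "https":
            problems.append(f"{key} is not https: {url}")
    # claims_supported is optional in discovery; when present, warn if the claim the
    # article maps to Subject ('acct') is not advertised.
    if "claims_supported" in doc and "acct" not in doc["claims_supported"]:
        problems.append("claims_supported does not list 'acct' (used as Subject mapping)")
    return problems


# Constructed sample discovery document, shaped like a generic OIDC provider's response.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://VCFA_HOSTNAME/acs/t/CUSTOMER",
  "authorization_endpoint": "https://VCFA_HOSTNAME/acs/t/CUSTOMER/authorize",
  "token_endpoint": "https://VCFA_HOSTNAME/acs/t/CUSTOMER/token",
  "jwks_uri": "https://VCFA_HOSTNAME/acs/t/CUSTOMER/jwks",
  "response_types_supported": ["code"]
}""")

if __name__ == "__main__":
    print("well-known:", well_known_url(ISSUER_URL))
    print("problems:", validate_discovery(ISSUER_URL, SAMPLE_DISCOVERY) or "none")
```

In practice you would replace SAMPLE_DISCOVERY with the JSON fetched from well_known_url(ISSUER_URL) and only proceed with Step 4 when validate_discovery returns an empty list.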