In the previous blog we remapped a provider (local) user to a SAML identity provider federation. In this blog we will remap a tenant (local) user to a SAML identity provider federation.
As of VCD 10.4.1, remapping a user is available only as an API feature. Thus, for all subsequent steps, use an API client of your choice. In my examples below, I’m using Postman to perform the remapping.
Pre-requisite: Make sure the Identity Provider federation to which you want to remap the user is correctly configured.
- Log in to VMware Cloud Director as an administrator (tenant or system administrator) and identify the user you want to remap. Here, the user I’m remapping is ‘testuser’. This user is a local user and owns one vApp named ‘Testuser vApp’ (as shown below).
- Log in using the API as the administrator, using either their credentials (local or LDAP), IDP issued tokens (SAML or OAuth) or VCD’s API Token.
API: POST “https://{api_host}/cloudapi/1.0.0/sessions”
- Retrieve the urn id of ‘testuser’ from the query users API.
API: GET “https://{api_host}/cloudapi/1.0.0/users”
Now, using this urn id, fetch the full information of the user. Refer to Get User.
API: GET “https://{api_host}/cloudapi/1.0.0/users/urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c”
- Copy the full information of the user from the previous step and edit the following properties to be used as the body of the next PUT request.
- Update the ‘username’ to reflect the user’s username in the new Identity Provider. While this example shows a distinct username being used, it’s possible to have simpler updates like switching from username to e-mail address, etc.
- Update the ‘providerType’ based on the type of the new Identity Provider. New values of ‘providerType’ can be OAUTH, SAML, LOCAL, LDAP.
Send the PUT request for the user to be remapped. Refer to update user for more insight on this API.
API: PUT “https://{api_host}/cloudapi/1.0.0/users/urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c”
The user ‘testuser’ has now been remapped to the tenant’s SAML identity provider and its username has been remapped to ‘testuser@tenantorg.com’.
The remapped user can now log in using Single Sign On.
When logged in as the user after the change:
- The username shown in the top-right corner is updated to their new username
- The resources owned by this user remain unchanged.
Users can be remapped from one IDP federation to another using the same process. If you are remapping a user to the ‘LOCAL’ provider type, in addition to updating the provider type, update the password in the body of the PUT request.
Upcoming releases would include enhanced functionality for this feature for a smooth transition.
You can find a demo video to remap a tenant user here.
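The GET, edit and PUT steps above, together with the LOCAL password rule, as an added Python example (not code from the original post or from VMware). The function names are hypothetical. It assumes the caller passes in the bearer token from the sessions login and the Accept header value for their API version, and that the PUT returns the updated record; the sample record's fields beyond 'username' and 'providerType' are constructed.

```python
import copy
import json
import urllib.request

PROVIDER_TYPES = {"OAUTH", "SAML", "LOCAL", "LDAP"}  # values listed on this page

def build_remap_body(user, new_username, provider_type, password=None):
    """Return the PUT body: the full GET record with only the remap fields changed."""
    if provider_type not in PROVIDER_TYPES:
        raise ValueError(f"unsupported providerType: {provider_type!r}")
    if provider_type == "LOCAL" and not password:
        raise ValueError("remapping to LOCAL requires a password in the body")
    body = copy.deepcopy(user)  # keep every other property exactly as retrieved
    body["username"] = new_username
    body["providerType"] = provider_type
    if password:
        body["password"] = password
    return body

def changed_fields(before, after):
    """List the keys that differ, so the change can be reviewed before and after sending."""
    return sorted(k for k in set(before) | set(after) if before.get(k) != after.get(k))

def call(method, url, token, accept, body=None):
    """Minimal JSON request; token and accept are supplied by the caller (assumption)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Accept": accept,
        "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def remap_user(api_host, token, accept, user_urn, new_username, provider_type,
               password=None):
    """GET the user, change only the remap fields, PUT it back, report what changed."""
    url = f"https://{api_host}/cloudapi/1.0.0/users/{user_urn}"
    current = call("GET", url, token, accept)
    body = build_remap_body(current, new_username, provider_type, password)
    updated = call("PUT", url, token, accept, body)  # assumes the record is returned
    if updated.get("id") != current.get("id"):
        raise RuntimeError("user id changed after remap")
    return changed_fields(current, updated)

# Constructed sample record; a real record carries more properties.
SAMPLE = {"id": "urn:vcloud:user:746cf0d9-788b-4aef-9fba-76f2ce49d33c",
          "username": "testuser", "providerType": "LOCAL", "fullName": "Test User"}
```

Reviewing the output of `changed_fields` before sending the PUT confirms that nothing other than the remap properties differs from the record that was retrieved.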