thecloudxpert

Configuring Multi-Org Tenancy in vRA 8.x - Part 6: Configuring Tenant Administrators

vRealize Automation vRA Multi-Tenancy

Published on 2 October 2020 by Christopher Lewis. Words: 586. Reading Time: 3 mins.

Introduction

In this series of posts, we will be taking a look at how to configure a Multi-Organization Tenancy (aka Multi-Tenancy) in vRealize Automation (vRA) 8.x. In this post, we will tackle the configuration of new Tenant Adminsistrators within vRA 8.x multi-organization tenancy environment.

For more information on the rest of the posts in this series, click here .

What is a Tenant Administrator?

The Tenant Administrator is a role who is responsible for the configuration of the VMware Identity Manager (vIDM) solution for the tenant. This makes it role in vRA 8.x is significantly different to in vRA7.x because the Tenant Administrator role does not, by default, have any rights to the vRA Organisation/Tenant. The Tenant Administator is only granted ReadOnly Admin and Super Admin privilges within vIDM!

Configuring Tenant Administrators in vRA8 Multi-Organizational Tenancy

In the this section we’re going to be configuring a new Tenant Administrator in the MedTech Organization we created previously. This objective can be completed in two different ways through VMware vRealize Suite Lifecycle Manager (vRSLCM). We can choose to create a local (to the organization) system user or we can assign an existing system or directory user. To complete the later using Active Directory User accounts, we need to have configured at least one User Directory in the tenant.

Adding a Tenant Administrator to an Organization/Tenant


  1. Navigate to the vRSLCM homepage, https://vrslcm.fqdn.
  1. Enter the user credentils and click LOGIN.

Note: I’m using the admin@local account but you could also use any account with the appropriate privileges

  1. At the My Services screen, click Identity and Tenant Management.
  1. Click Tenant Management.
  1. At the Tenants screen, Click the MEDTECH Tenant.
  1. At the MEDTECH screen, Click CREATE TENANT ADMIN.
  1. At the Create Tenant Admin screen, enter the Username, First Name, Last Name, Email ID, and Password into the appropriate text boxes.
  1. Click CREATE TENANT ADMIN.
  1. There we have it we have created a new Tenant Administrator in the new Tenant we created previously!

Configuring an Existing user to be a Tenant Administrator in an Organization/Tenant


  1. Navigate to the vRSLCM homepage, https://vrslcm.fqdn.
  1. Enter the user credentils and click LOGIN.

Note: I’m using the admin@local account but you could also use any account with the appropriate privileges

  1. At the My Services screen, click Identity and Tenant Management.
  1. Click Tenant Management.
  1. At the Tenants screen, Click the MEDTECH Tenant.
  1. At the MEDTECH screen, Click SEARCH AND ASSIGN.
  1. At the Search and Assign screen, enter a Username into the Search for Users text boxes.
  1. Click SELECT.
  1. Click ASSIGN TENANT ADMIN.
  1. There we have it we have successfully added a new Tenant Admin User into the Tenant from within the User Directory!

Bringing it all together!

In this post we have covered a couple of ways to assign the Tenant Administrator role. We have covered:


  1. Creating a new Tenant Administrator user in the system domain.
  2. Assigning the Tenant Administrator role to an existing user within a vIDM User Directory.

It is important to remember that the Tenant Administrator role is a significantly different role than in previous versions of the product because multi-tenancy is also significantly different and therefore the required functions for thsi role are different. There is nothing stoping a Tenant Administrator also being granted a vRA Organization and vRA Service Role but these are not assigned by default. In addition, within vRA 8.x, you cannot assign the Tenant Administrator role to a group of users and I’m unsure whether this will change in future releases because, as I have said, the role is different now.

Published on 2 October 2020 by Christopher Lewis. Words: 586. Reading Time: 3 mins.


Blog Categories: VMware vRealize Automation
Related Post(s):
Recent Posts:

Blog Categories:
active directory 6 aria automation 6 aws 2 blog 1 career 1 certificate authority 5 certificates 1 certification 91 cloud management 1 cloudnativecon 1 community 1 fun 1 general 9 hands on labs 1 home lab 2 kubecon 1 kubernetes 1 microsoft 7 nsx 45 nsx v 41 powercli 8 powershell 6 professional 1 reviews 1 vcap 48 vcap6 2 vcenter server 4 vcix 2 vexpert 9 vmug 5 vmware 99+ vmware aria 1 vmware aria automation 6 vmware aria operations 1 vmware cloud 3 vmware cloud director 1 vmware explore 2 vmware identity manager 2 vmworld 36 vrealize automation 78 vrealize automation saltstack config 1 vrealize business 2 vrealize log insight 1 vrealize operations 1 vrealize operations manager 5 vrealize orchestrator 11 vrealize suite 14 vrealize suite lifecycle manager 20 vsan 5 vsphere 9 windows 6
Top Tags:
active directory 6 api 18 barcelona 24 certificates 15 certification 7 howto 42 microsoft 7 multi tenancy 9 nsx v 43 platform services controller 8 powercli 8 powershell 7 psc 6 vcap 8 vcap6 45 vcap6 cma 47 vcap6 nv 37 vcix6 nv 36 vexpert 19 vmug 8 vmware 99+ vmware aria 6 vmware aria automation 6 vmworld 35 vmworld 2016 13 vmworld 2017 9 vra 13 vrealize 7 vrealize automation 74 vrealize operations 8 vrealize orchestrator 20 vrealize suite lifecycle manager 11 vrslcm 20 vsan 7 vsphere 12