Two years ago, I wrote a similar article around vCAC's embedded vCO but a lot has changed since then so those older steps no longer apply. This brief article will quickly walk you through the steps required to allow vRealize Automation 7.0/7.1/7.2's embedded vRealize Orchestrator to allow Active Directory Domain accounts login to the vRO Client.

 

Pre-Requisites

This article assumes the following:

  • vRealize Automation 7.0-7.2 is installed and configured (NOTE: This has not been tested with 7.3!)
  • vRealize Orchestrator (embedded) is configured to use vRealize Automation as Authentication source
  • At least one Active Directory domain has been configured in vRA (Administration -> Directories Management -> Directories)

Custom Group

custom_group.png

Although the vRA vIDM instance already contains a vcoadmins group by default with the This email address is being protected from spambots. You need JavaScript enabled to view it. account as a member, there is not an obvious way (that I've found) to modify the group membership. As a result of this, we must first create a new group that we can manage. This can be done as follows:

  1. Log in to vRA as a Tenant Admin (in this instances, we are using the cloudadmin account)
  2. Go to Administration -> Users & Groups -> Custom Groups; Click on + New to create a New Group (not shown)
  3. Give the group a name (here, we are using adminsvro) and optionally a Description
  4. Click Next

Custom Group - Members

custom_group_-_members.png

On the Members tab,
1. Use the Search box to search for and select the desired group members. In this case, I want:
2. Group Members

  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Domain This email address is being protected from spambots. You need JavaScript enabled to view it.

3. Click Finish when done

Update vRO Configuration

update_vro_configuration.png

  • Now, go to your vRO Control Center (NOTE: You may need to start the vco-configurator service on your vRA appliance if it is not already running)
  • Log in using root and the root password of your vRA appliance.
  • Click on the Configure Authentication Provider button
  • Set vsphere.local\adminsvro as the Admin group  (or the Custom Group you created in the earlier step)
  • Click Save Changes
  • Now restart your vRO Server Service

vRO Client Log In

vro_client_log_in.png

Launch the vRO Client and log in as a member of the group specified. In this case, I am using This email address is being protected from spambots. You need JavaScript enabled to view it.

Success!

success_.png

As you can see, I am now able to log in to the vRO Client with a Domain Account rather than only the This email address is being protected from spambots. You need JavaScript enabled to view it. account !!

Thanks to @SteveSchofield for prompting me to look into this!