Two years ago, I wrote a similar article around vCAC's embedded vCO but a lot has changed since then so those older steps no longer apply. This brief article will quickly walk you through the steps required to allow vRealize Automation 7.0/7.1/7.2's embedded vRealize Orchestrator to allow Active Directory Domain accounts login to the vRO Client.
This article assumes the following:
- vRealize Automation 7.0-7.2 is installed and configured (NOTE: This has not been tested with 7.3!)
- vRealize Orchestrator (embedded) is configured to use vRealize Automation as Authentication source
- At least one Active Directory domain has been configured in vRA (Administration -> Directories Management -> Directories)
- Log in to vRA as a Tenant Admin (in this instances, we are using the cloudadmin account)
- Go to Administration -> Users & Groups -> Custom Groups; Click on + New to create a New Group (not shown)
- Give the group a name (here, we are using adminsvro) and optionally a Description
- Click Next
Custom Group - Members
On the Members tab,
1. Use the Search box to search for and select the desired group members. In this case, I want:
2. Group Members
3. Click Finish when done
Update vRO Configuration
- Now, go to your vRO Control Center (NOTE: You may need to start the vco-configurator service on your vRA appliance if it is not already running)
- Log in using root and the root password of your vRA appliance.
- Click on the Configure Authentication Provider button
- Set vsphere.local\adminsvro as the Admin group (or the Custom Group you created in the earlier step)
- Click Save Changes
- Now restart your vRO Server Service
vRO Client Log In
Thanks to @SteveSchofield for prompting me to look into this!