In the last post of this series we learnt how to change the default retention period for events etc. in vRNI. In this post we will learn about user management.
If you have not been following this series, I recommend reading the earlier posts from the links below:
A default installation of vRNI lets you log in with the admin@local user, and this user can add new users (local and LDAP) and configure the memberships and other settings of existing users. In this post we will learn how to add a local user and an LDAP user to vRNI.
Adding Local User
For security reasons, you might want to delete the default local user and create a new one as per your organization's access standard. To add a new local user, log in to vRNI, navigate to Home > Settings > User Management > Local Users and click on Add New User.
Provide a name and a login ID (username@email format) for the new user, select an appropriate role and set a complex password.
Note: Only users with the administrator membership role can view the User Management tab.
The wizard will prompt you to provide the password of the admin@local user. Punch in the password and hit the Authorize button.
The newly added user will appear in the list.
Log out the admin user and log in with the newly created user.
Now if you navigate to the User Management tab, you will get an option to delete the default admin user.
Adding Domain Users
To add domain users to vRNI, we first need to integrate vRNI with AD. To do this, log in to vRNI, navigate to Home > Settings > LDAP and click on Configure.
On the Configure LDAP page, type the appropriate domain, LDAP Host URL, and LDAP credentials.
If you need to provide access to groups, then enable ‘Group based access control’ and configure the group DN. You can add more than one group in vRNI.
If you select the administrator role for a particular group, then all the members of that group have the administrator privilege. To allow access to the users only from the LDAP groups that you have added, select the Restrict access to members of the above groups only check box.
Under LDAP credentials, punch in the username/password of the user account that vRNI will use to query your Active Directory and hit Submit.
Once LDAP is configured, it will appear in the list. You can also edit the settings after configuring LDAP.
To assign a role to an LDAP user, navigate to the LDAP Users tab and click on Assign Admin role.
Type the LDAP user name and click on Add user.
Enter the password for the admin@local user here (as I am currently logged in with this user).
The newly added user will now appear in the list.
Note: In my opinion, manually adding users is not an efficient way of managing users. Instead, this page should list all users from the AD, and the administrator should be able to select individual users and assign them appropriate rights.
Log out the admin@local user and log in with the newly created user.
Note: After the LDAP configuration is successful, a new drop-down menu is available on the login screen where users can select whether they want to log in locally or using their LDAP credentials.
There are some considerations about Groups and Inheritance that you must be aware of. The excerpts below from the official VMware documentation cover this:
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing.