Adding your own (admin) accounts to vR Operations v6

It is not very good to always log in as Admin and in fact many of the customers I have worked with over the years have not allowed that sort of work.  Everyone needs a named account.  So here we go.

First we need to enable this capability.

LDAP Integration

You should be logged in as the admin and change to Administration.  Then select LDAP Import Sources (Update: in vR Ops 6.1 LDAP Import is renamed to Authentication Sources.).
AD1

Use the green error seen in the image above to start things off.

AD2

Fill in the form as you might expect.  See below for mine.

AD3

My service account above is in the domain admin group but I am looking around for what it should actually be.  Update: I tested this with a user in the Domain Users group and it worked.  I have used it for several days with no issues.  This was done with 6.0.1 and also in 6.0.2.

Make sure to Test.

AD4

Once you save this config, you should see something like below.

AD5

Look close at the image above.  It suggests – at least to me, that there might be some auto synchronization.  Meaning you can set it up so any new AD user can log in and get some predefined access but that is not true from what I can tell.

Now we have our AD source define so we can add some users.

Adding Admin Users

Next we will add some admin users. Still in the Home Administration area you should select Access Control.

role1

Now working on the User Accounts tab, as seen above, you should NOT use the green plus.  That would allow you to create a local account.  You need to use the little icon with two people and a green arrow.

role2

That will start a wizard.

role3

You should change the Import From to read your domain – that you just connected to.  You can then search for someone.

role4

Lets select the user and hit Next.

role5

vR Ops 6.0.x

(if you are using 6.1 see the section below) Now since we are creating an admin user we are going to select to add this user to the Administrators group.

role6

Now we change to the Roles page.

role7

Again we select Administrators since we are doing an admin user.

role8

As this is a admin user we are creating I do select the option for all objects access.

vR Ops 6.1

This has been simplified from above in 6.1.  After you have selected your user and hit next you see the following.

Groups

There are no groups yet made – you will need to do that once you start adding users that are not admin equivalent.  Like help desk for example. So in our case, as we are adding an admin user change to the Objects tab.

Groups2

As you can see here I have selected the check-box to assign Administrator role to my user.  Plus, I then selected Allow access to all objects in the system.

Once you hit finished you should see now your user in the list.

roleNEW

You can see exactly status of the account in the image above as well as the access.  So quite handy.

Testing

We should log out and try logging in as the newly defined user.

role9

There is a little more to this screen then it looks.  Make sure to change the source to your domain.  Also, the format of my credentials above need to be as they are shown.  Not as mwhite nor pml\mwhite. I would suggest an improvement here that mwhite, pml\mwhite, and mwhite@pml.com all should work. Update: as of 6.2 you could log in as username or mwhite with no problem.

Update: I was not able to log in at this point in one test.  But when I closed the browser, and opened it again I was able to log in.  This was with 6.0.1 and it just happened again with 6.0.2. This was not required for 6.1.

But the first time you log in as a new user – at least an admin level one you will see the following.

FirstTime

Summary

So you can now add your AD domain, and users to the vR Ops UI.  You might ask why I am not showing you how to define groups here.  I have had troubles with groups and for me they are not working properly – even got a cool Java error.  So I will work with them more and figure them out and add an article for that.

BTW, you can find out how to do read only right here.

Update

  • 3/19/16 – updated for 6.2.
  • 11/15/15 – LDAP is now called Authentication Sources.  Plus some screenshots are different for 6.1 so updated to cover the changes.
  • 7/7/15 – added how no change in 6.0.2 for close browser.
  • 5/13/15 – added the two update comments on domain user and close browser above.

Michael

=== END ===

 

 

Tagged with:
Posted in How To

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: