[ vra vidm iam troubleshooting ]

Logging in to vRA after a successful deployment from vRSLCM

Congratulations you have successfully completed deploying vRA from vRSLCM, and now its time to login for the first time. For my initial deployment I deployed a single node with a self signed certificate from the vRealize Easy Installer.

vra splash page

When browsing to https://your_vRA_FQDN and clicking Go To Login Page, we are presented with a login prompt from the vIDM Workspace One instance vRA is registered with. Its important to ensure we are logging in to the System Domain, since vRA’s Identity and Access Management still needs to be configured with the desired users/groups and roles. system domain login

Once logged in with the configuration admin account we can see the 6 roles assigned to the Configurationadmin user.

iam roles

Logging in to vRA after a successful deployment from vRSLCM when an LDAP source has already been configured in vIDM Workspace One

However if this is not the initial deployment of vRA, chances are you have already configured vIDM Workspace One with a LDAP source for authentication. When logging in to the newly deployed vRA instance for the first time, with vIDM already configured to a LDAP source, we need to change the domain back to System Domain.

vIDM AD Domain vIDM Change Domain
Change to a different domain Select System domain for the Configuration Admin User

Once Workspace One ui notes System Domain, login with the configuration administrator credentials showing in the globalenvironment under the vIDM product in vRSLCM.

vIDM Configuration Admin vRA login
vIDM Configuration Admin User vRA Login with Configuration Admin User

Now that we have completed logging in to vRA, my first step is to browse to Identity and Access Management and integrate my domain groups from vIDM. When reaching IAM we can see our configuration admin user is entitled with the 6 roles needed to make it an administrator, however none of our users from vIDM Workspace One have been assigned Organization or Service Roles.

vRA IAM

Errors

If we attempt to login with a domain account, prior to granting the user a role in IAM, we are presented with a 403 error. Simply click Sign Out, and log back in with the configuration admin user, noted in vRSLCM, ensuring the System Domain is selected.

403 Error It appears that you don’t have access to VMware vRealize Automation.

vRA 403 Error



DISCLAIMER This is a personal blog. Any views or opinions represented in this blog are personal and belong solely to the blog owner and do not represent those of people, institutions or organizations that the owner may or may not be associated with in professional or personal capacity, unless explicitly stated. Any views or opinions are not intended to malign any religion, ethnic group, club, organization, company, or individual.
All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.
Photos
Unless stated, all photos are the work of the blog owner and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. If used with watermark, no need to credit to the blog owner. For any edit to photos, including cropping, please contact me first.
Recipes
Unless stated, all recipes are the work of the blog owner and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. Please credit all recipes to the blog owner and link back to the original blog post.
Downloadable Files
Any downloadable file, including but not limited to pdfs, docs, jpegs, pngs, is provided at the user’s own risk. The owner will not be liable for any losses, injuries, or damages resulting from a corrupted or damaged file.
Comments
Comments are welcome. However, the blog owner reserves the right to edit or delete any comments submitted to this blog without notice due to
– Comments deemed to be spam or questionable spam
– Comments including profanity
– Comments containing language or concepts that could be deemed offensive
– Comments containing hate speech, credible threats, or direct attacks on an individual or group
The blog owner is not responsible for the content in comments.
This policy is subject to change at anytime. disclamer c/o http://kaloferov.com/