You import user groups from a single sign-on server, or an LDAP database on another machine so that you can use those groups in vRealize Operations Manager.

1

To add import a user group, in the menu, click Administration, then in the left pane click Access > Access Control.

2

Click the Import Group.

3

To edit a user group, select a user group and click the Edit icon.

The options displayed in the Import User Groups page depend upon the authentication source you select.

When you import a user group from a single sign-on server, log out of vRealize Operations Manager, and then log in again to synchronize users and user group memberships with the single-sign on server.

Import User Groups Workspace - Import User Groups Page - LDAP Source Options

Option

Description

Import From

Host machine configured as the source to import the user groups. These options are displayed when the host machine of an LDAP source is selected.

User Name

User name of the source credential to import user groups to the vRealize Operations Manager instance.

Password

Password for the source credential to import user groups to the vRealize Operations Manager instance.

Search String

Invoke the search for user groups.

Advanced

Displays the advanced import settings.

Group Search Criteria. Search criteria to find LDAP groups. If not included, vRealize Operations Manager uses the default search parameters: (|(objectClass=group)(objectClass=groupOfNames))

Member Attribute. Name of the attribute for a group object that contains the list of members. If not included, vRealize Operations Manager uses member by default.

User Search Criteria. Search criteria to use the member field to find and cache LDAP users. You type sets of key=value pairs in the form (|(key1=value1)(key2=value2)). If not included, vRealize Operations Manager searches for each user separately. This operation might take extra time.

Member Match Field. Name of the attribute for a user object to match with the member entry from a group object. If not included, vRealize Operations Manager treats the member entry as a distinguished name.

LDAP Context Attributes. Attributes that vRealize Operations Manager applies to the LDAP context environment. You type sets of key=value pairs separated by commas, such as java.naming.referral=ignore,java.naming.ldap.deleteRDNfalse.

Group Name

Displays the user groups found. Click the check box for each user group to import.

Import User Groups Workspace - Import User Groups Page - Single Sign-On Source Options

Option

Description

Import From

Host machine configured as the source to import the user groups.

Domain Name

User name of the source credential to import user groups to the vRealize Operations Manager instance.

Result Limit

Determines the number of groups displayed.

Search Prefix

Enter a search prefix to narrow your search.

Group Name

Displays a list of user groups. Select the Group Name check box to import all the displayed user groups, or select the check box next to each user group that you want to import.

Import User Groups Workspace - Roles and Objects Page

Option

Description

Select Role

Displays available roles in a drop-down menu.

Assign this role to the group

Roles determine which actions users of the group can perform in the system. Select a role from the Select Role drop-down menu, and then select the Assign this role to the user check box. You can associate more than one role with the user group.

Select Object Hierarchies

Select which objects the users of the group can access when assigned this role.

Select Object Hierarchies: Displays groups of objects. Select an object in this list to select all the objects in the hierarchy,

Select Object: To select specific objects within the object hierarchy, click the down arrow to expand the list of objects. For example, expand the Adapter Instance hierarchy, and select one or more adapters.

Allow access to all objects in the system: Select this check box to permit users of the group access to all objects in the system.