Log Insight 4.3: VMware Identity Manager Integration

Log Insight has featured a Tech Preview of VMware Identity Manager (VIDM) integration for the last two releases. I am happy to announce that as of Log Insight 4.3, this feature is now fully supported. Read on to learn more!

What is VIDM?

VIDM is an identity service that connects to identity providers to provide SSO. More information can be found here.

How to Configure

Configuration is done on the same Authentication page as Active Directory (AD).

IMPORTANT: The binding user must be a local VIDM user for the integration to work.

You must provide configuration information to an external VIDM instance (either on-prem or cloud). Once configuration is complete, you can navigate to the /admin/users page to add VIDM users and groups.

IMPORTANT: Pay special attention to the domain field as failing to set this properly will result in errors.

How to Log In

Once you enable VIDM, the login page for Log Insight will look a little different.
You will see that you must specify a provider (first drop-down). When you select VIDM, you will then be redirected to VIDM to authenticate unless you already have an active browser SSO token.

IMPORTANT: An AD user and a VIDM AD user are NOT the same. More on this in a future post.

How to get VIDM?

As I mentioned earlier in this post, you must have an external VIDM instance for Log Insight to authenticate against. There is no bundle of VIDM with Log Insight at this time. Either you must purchase and deploy an external VIDM system or you have to leverage a system which already has VIDM installed (e.g. vRealize Automation or Horizon Advanced/Enterprise).

What about PSC / SSO2?

As you know, vSphere ships with the Platform Services Controller and SSO2. Log Insight does not have direct integration with PSC / SSO2. Log Insight can integrate with an external VIDM and that external VIDM can authenticate with a PSC / SSO2 system.

What else?

It is important to understand how VIDM plays into Log Insight instances that have active AD users. I will cover this scenario in my next post.

© 2017, Steve Flanders. All rights reserved.
