Configure NSX-T to use vIDM as authentication

I needed to create a few additional accounts in NSX-T for outside sources. Instead of creating individual accounts i wanted to use the existing ones from AD.

To get started we need to get the certificate from the vIDM server. Log on to the vIDM server as root and run the following:

openssl1 s_client -connect <FQDN of vIDM host>:443 < /dev/null 2> /dev/null | openssl x509 -sha256 -fingerprint -noout -in /dev/stdin

Next we need to create the OAuth client ID in vIDM. Log in to the vIDM UI using the url <FQDN of vIDM host>SAAS/admin/app/page#!/dashboard as admin and Navigate to Catalog -> Settings

Navigate to Remote App Access -> Clients -> Create Client

In the Access Type chose Service Client Token, Client ID can be anything. Under Advanced click on Generate Shared Secret (take a note of this because we need it on the NSX side)

Next, log in to the NSX-T cluster and go to System -> Users and Roles -> VMWARE IDENTITY MANAGER -> Edit

Next fill in all the required fields with the existing data that we generated in the previous steps

Next we can see the integration as enabled and the connection as up

Next we can go to USERS click on ADD -> Role Assignment for VIDM

As you type in a user the system will try to auto complete it

Once the users and groups are defined all is left is to test out the authentication and validate that everything works

Leave a Reply