vmware / PowerCLI-Example-Scripts


Add Group management cmdlets in the VMware.vSphere.SsoAdmin module #450

Closed dmilov closed 3 years ago

dmilov commented 3 years ago

Add a set of cmdlets similar to *-SsoPersonUser for group management.

thinkdavid commented 3 years ago

To add on a use case: We'd like to be able to add a group from an ExternalIdentity source (i.e. LDAP) into a vSphereSSO Group (for example, administrators)

GaryJBlake commented 3 years ago

> To add on a use case: We'd like to be able to add a group from an ExternalIdentity source (i.e. LDAP) into a vSphereSSO Group (for example, administrators)

Another vote for this use case, I'm looking for this exact requirement right now. My team develop Validated Solutions (a.k.a. VMware Validated Designs) for VMware Cloud Foundation where least privilege access is critical and we have a procedure where we need to assign access to a group from AD over LDAP to the SSO Admin role to allow them to manage SSO.

dmilov commented 3 years ago

Just published the 1.3.0 version of the module, which adds a set of cmdlets for group management.

The use case is covered as well. Here is an example:

Get-SsoGroup -Domain sof-powercli-qe.eng.vmware.com -Name 'DnsAdmins'

Name      Domain                         Description
----      ------                         -----------
DnsAdmins sof-powercli-qe.eng.vmware.com DNS Administrators Group

PS C:\Users\dmilov> $ldapGroup = Get-SsoGroup -Domain sof-powercli-qe.eng.vmware.com -Name 'DnsAdmins'
PS C:\Users\dmilov> $targetGroup = Get-SsoGroup -Domain vsphere.local -Name Administrators
PS C:\Users\dmilov> $targetGroup

Name           Domain        Description
----           ------        -----------
Administrators vsphere.local

PS C:\Users\dmilov> $ldapGroup | Add-GroupToSsoGroup -TargetGroup $targetGroup
PS C:\Users\dmilov> Get-SsoGroup -Group $targetGroup

Name      Domain                         Description
----      ------                         -----------
DnsAdmins sof-powercli-qe.eng.vmware.com DNS Administrators Group
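
For least-privilege procedures like the one described in this thread, the nesting step is easier to review when it is idempotent and verified. The following is an added example, not code from the thread or from the module: the helper name `Add-ExternalGroupToSsoGroup` and its parameters are hypothetical, it uses only the cmdlets and parameters shown in the session above, and it assumes the module is imported and the session is already connected to the SSO admin server.

```powershell
# Added example. Assumes VMware.vSphere.SsoAdmin 1.3.0 or later is imported and
# the session is already connected to the SSO admin server.
function Add-ExternalGroupToSsoGroup {   # hypothetical helper, not a module cmdlet
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SourceDomain,
        [Parameter(Mandatory)] [string] $SourceGroupName,
        [Parameter(Mandatory)] [string] $TargetGroupName,
        [string] $TargetDomain = 'vsphere.local'
    )

    # Resolve a group by exact name and domain. Refuse to continue on zero or
    # several matches so access is never granted to an unintended group.
    $resolve = {
        param($Domain, $Name)
        $found = @(Get-SsoGroup -Domain $Domain -Name $Name |
            Where-Object { $_.Name -eq $Name -and $_.Domain -eq $Domain })
        if ($found.Count -ne 1) {
            throw "Expected exactly one group '$Name' in '$Domain', found $($found.Count)."
        }
        $found[0]
    }
    $source = & $resolve $SourceDomain $SourceGroupName
    $target = & $resolve $TargetDomain $TargetGroupName

    # True when the source group is already nested in the target group.
    $isMember = {
        [bool](Get-SsoGroup -Group $target |
            Where-Object { $_.Name -eq $source.Name -and $_.Domain -eq $source.Domain })
    }

    if (& $isMember) {
        Write-Verbose "$SourceGroupName@$SourceDomain is already a member; nothing to do."
    }
    elseif ($PSCmdlet.ShouldProcess("$TargetGroupName@$TargetDomain",
            "Add group $SourceGroupName@$SourceDomain")) {
        $source | Add-GroupToSsoGroup -TargetGroup $target
        # Re-read membership instead of trusting the call to have succeeded.
        if (-not (& $isMember)) { throw 'Group was not added to the target group.' }
    }

    # Emit the nested groups of the target so the reviewer sees the full grant.
    Get-SsoGroup -Group $target | Select-Object Name, Domain, Description
}

# Dry run with the values from the session above; drop -WhatIf to apply.
Add-ExternalGroupToSsoGroup -SourceDomain 'sof-powercli-qe.eng.vmware.com' `
    -SourceGroupName 'DnsAdmins' -TargetGroupName 'Administrators' -WhatIf
```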