Learning vRNI 3.9: Part 3:User Management in vRNI

In last post of this series we learnt how to change default retention period for events etc in vRNI. In this post we will learn how about user management.

If you are not following along this series, then I recommend reading earlier posts of this series from below links:

1: Adding Data Sources in vRNI

2: Changing Default Data Management Policy

Default installation of vRNI allows you to login with admin@local user and this user can add new users (local and LDAP) and configure memberships and other settings of existing users. In this post we will learn how to add a local and LDAP user to vRNI.

Adding Local User

For security reasons, you might want to delete the default local user and specify a new one as per your organization access standard. To add a new local user login to vRNI and navigate to Home > Settings > User Management > Local Users and click on Add New User.

vrni-lu1

Provide name for the new user and login id (username@email format) and select an appropriate role for the user and set a complex password for this user.

Note: The users with membership role of administrator only can view the User Management tab.

vrni-lu2

Wizard will prompt you to provide password of the admin@local user. Punch in the password and hit Authorize button.

vrni-lu3

Newly added user will appear in list.

vrni-lu4

Logout admin user and login with newly created user.

vrni-lu5

Now if you navigate to user Management tab, you will get an option to delete the default admin user.

vrni-lu6

Adding Domain users

To add domain users to vRNI, we need to first integrate vRNI with Ad. To do this login to vRNi and navigate to Home > Settings > LDAP and click on Configure.

vrni-ldap-1

On the Configure LDAP page, type the appropriate domain, LDAP Host URL, and LDAP credentials.

If you need to provide access to groups, then enable ‘Group based access control’ and configure the group DN. You can add more then one group in vRNI. 

If you select the administrator role for a particular group, then all the members of that group have the administrator privilege. To allow access to the users only from the LDAP groups that you have added, select the Restrict access to members of the above groups only check box. 

Under LDAP credentials, punch in the username/password of user via which vRNI can query your Active Directory and hit Submit.

vrni-ldap-2

Once LDAP is configured, it will appear in the list. You can also edit the settings post configuring ldap.

vrni-ldap-3

To assign role to a LDAP user, navigate to LDAP Users tab and click on Assign Admin role.

vrni-ldap0

Type the ldap user name and click on Add user.

vrni-ldap5

Enter password for the admin@local user here (as currently I have logged in with this user)

vrni-ldap6

Newly added user will now appear in the list.

Note: In my opinion, manually adding users is not an efficient way of managing users. Instead this page should list all users from the AD and administrator should be able to select individual users and assign them appropriate rights.

vrni-lu1

Logout the admin@local user and login with the newly created user. 

Note: After the LDAP configuration is successful, a new drop-down menu is available on the login screen where users can select whether they want to log in locally or using their LDAP credentials.

vrni-ldap8

There are some considerations about Groups and Inheritance that you must be aware of. Below excerpts from VMware official doc talk about this:

vrni-ldap-9

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing :)

Leave a Reply