At this point you should have finished the three prior steps:
vCAC can be deployed as a single-tenant or multi-tenant application. A tenant is an organizational unit within a vCloud Automation Center deployment. A tenant can represent a business unit within an enterprise or a company that subscribes to cloud services from a service provider. Each tenant has its own URL to the vCloud Automation Center console: the default tenant uses the URL specified above, while additional tenants in a multi-tenant deployment are given a URL such as https://vcac-appliance-hostname.domain.name/shell-ui-app/org/mycompany. The default tenant is the only tenant that supports native Active Directory authentication; all other tenants must use Active Directory over LDAP or OpenLDAP.
In a multi-tenant environment, the system administrator creates new tenants for each organization that uses the same vCloud Automation Center instance. Tenant users log in to the vCloud Automation Center console at a URL specific to their tenant. Since we are only going to be exploring a Single Tenant configuration, please read more about multi-tenancy at Comparison of Single-Tenant and Multi-Tenant Deployments in the official VMware documentation.
There are certain roles and functions to understand within vCAC:
- System Administrator: performs the initial configuration of single sign-on and basic tenant setup, including designating at least one identity store and a tenant administrator for each tenant.
- Tenant Administrator: creates custom groups within their own tenant and adds both users and groups defined in the identity store to custom groups.
Configure the Default Tenant
2. Click on the vsphere.local account
3. Go to the identity stores tab and click the green "+".
4. I tried using the "Native Active Directory" configuration and couldn't figure it out. However, I was able to get the standard Active Directory configuration working, which will be used for a multi-tenant setup. I used AD Explorer from Microsoft Tools to help me figure out the distinguished name for my user because you can't use the User name.
5. Go over to the Administrator tab and add the groups you want to have Tenant Administrator access as well as Infrastructure Administrator rights. I just gave them both Domain Admins to make life simple.
6. Click Update to finish.
8. We should see this screen if it's successful:
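
Step 4 requires the login user's distinguished name rather than a user name. The following is an added example, not part of the original post: a small Python check that tells a DN apart from the other common logon formats and confirms the DN sits in the expected domain before it is entered in the identity store. The account `svc-vcac` and the domain `corp.example` are constructed placeholders.

```python
import re

# One RDN looks like "CN=value"; the attribute type starts with a letter.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$", re.S)

def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514 writes a literal comma as '\\,')."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts

def classify_login(value):
    """Return 'dn', 'upn', 'downlevel' or 'bare' for a candidate login value."""
    value = value.strip()
    if all(RDN.match(r) for r in split_rdns(value)):
        return "dn"
    if re.fullmatch(r"[^@\\\s]+@[^@\\\s]+\.[^@\\\s]+", value):
        return "upn"          # user@domain
    if re.fullmatch(r"[^\\@\s]+\\[^\\@\s]+", value):
        return "downlevel"    # DOMAIN\user
    return "bare"

def dns_domain(dn):
    """Rebuild the DNS domain from the DC= components of a DN."""
    return ".".join(r[3:] for r in split_rdns(dn) if r[:3].upper() == "DC=")

def check_login_dn(value, expected_domain):
    """Return a list of problems; an empty list means the value is usable as a DN."""
    kind = classify_login(value)
    if kind != "dn":
        return [f"{kind} name given; look up the account's distinguished name"]
    found = dns_domain(value)
    if found.lower() != expected_domain.lower():
        return [f"DN is in domain '{found}', expected '{expected_domain}'"]
    return []

if __name__ == "__main__":
    # Constructed sample values, not taken from the original post.
    for v in ["svc-vcac", "CORP\\svc-vcac", "CN=svc-vcac,CN=Users,DC=corp,DC=example"]:
        print(v, "->", check_login_dn(v, "corp.example") or "ok")
```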
Configuring a New Tenant:
1. This step will be exactly the same as before except we need to create a new tenant from the green "+" symbol.
2. Give the tenant a name such as "engineering" and a URL name that its users will use to access the console. This URL will translate to https://vcac-identity.kendrickcoleman.c0m/shell-ui-app/org/engineering in my case.
3. Follow steps 3-6 in the previous section to create the new Active Directory or OpenLDAP relationships and to configure them for Tenant and Infrastructure Admin purposes.