Today, vCenter SSO operations can not be Automated through PowerCLI, it would be very useful to expose a module that would provide such capabilities. Below are several articles outline use cases that rely on a CLI that resides on the vCenter Server and ideally, this functionality can be remotely called via an API that PowerCLI can consume
http://www.virtuallyghetto.com/2015/05/vcenter-server-6-0-tidbits-part-9-creating-managing-sso-users-using-dir-cli.html
Global permission is not in the SsoAdmin domain. There is a PowerShell Module that covers the global permissions
https://www.powershellgallery.com/packages/VIPerms/0.0.6
Attachments Open full size
Hi Sourav,
Please add this as a feature request in the github repo. We would like to keep all feature requests for this module in one place.
Attachments Open full size
Would it be possible to add Global Permissions management capability to this module? That would probably be a useful part of SSO user management.
Attachments Open full size
Is it possible to add an active directory server with specific domain controllers with this module? I don't see anything about passing SSL certs in the parameters, which are required for ldaps://
Attachments Open full size
We have developed an open source module to allow managing SSO Admin functionality. It's available at: https://github.com/vmware/PowerCLI-Example-Scripts/tree/master/Modules/VMware.vSphere.SsoAdmin
Attachments Open full size
https://github.com/vmware/PowerCLI-Example-Scripts/pull/386
Feel free to jump in and comment.
Attachments Open full size
Hi everybody,
If you have to set priorities to which SsoAdmin features should be available in PowerShell choosing from below list what are the most needed:
-PasswordPolicy: Get/Set
-ExternalDomain: Add/Get
-LocalOSDomain: Add/Get
-LocalUser: Get/New/Remove
-LocalUserPassword: Reset
-SolutionUser: Get/New/Remove
-GroupManagement:
-Cert Managment: New/Get/Delete-Certificate, TrustedCertificate, KnownCertificateChains, New-SignerIdentity
-ClockTolerance: Get/Set-ClockTolerance
-STS Settings: DelegationCount, RenewCount, HoKLifetime, BearerTokenLifetime
Attachments Open full size
This is what I've been looking for, really meaningful
Attachments Open full size
This is the last piece missing for standing up an ENTERPRISE ready virtual datacenter fully automated.
Attachments Open full size
This would be a huge improvement for deployments, configuration management, and compliance auditing. It astounds me that this has not been an option.
Attachments Open full size
If I could upvote this 1,000 times, I would. I could hack this in 6.5 by pulling over a couple of .sh files from a 6.0 install, but it's just not possible so far as I can tell in 6.7. So much for being able to automate an entire deploy.
Attachments Open full size
This would be really useful. I'm in the process of automating a vSphere installation with PowerCLI and this is the one big piece missing...
Attachments Open full size
This is actually a big deal, as for things like the vSphere STIG... DISA has a lot of SSO-centric things that can't be automated today... I broke it down on my github repo for doing STIG things: https://github.com/stvkpln/vsphere-stig-powercli
Attachments Open full size