Alert integration of Loginsight/vRealize Operations Manager using a service account and vIDM as an authentication source
While configuring Loginsight and vRealize Operations for a customer.
A question that came up was:
Is it possible to use a service account instead of a local user account for the alert integration between Loginsight and vRealize Operations, while vRealize Operations is using VMware Identity Manager as an authentication source?
The answer is “Yes, it is possible to do that”.
However, since the vRealize Operations 7.5 platform at the customer site is configured to use VMware Identity Manager (vIDM), inserting only a user principal name (UPN) in the username field is not going to work.
The way I could make this work is the following:
The first thing you need to do is look up the source name of the authentication source in vRealize Operations Manager.
In this case, it is “VMware Identity Manager”
Secondly, you need to make sure the service account has the necessary privileges to login to vRealize Operations.
Verify that the integration user (service) account has permissions to manipulate objects in vRealize Operations Manager. See Minimum Required Permissions for a Local or Active Directory User Account.
The third thing we need to do is: decide what we need to insert in the username field.
The username field will consist of the following attributes:
username, domain and source name
In my example the syntax will be like this:
username@domain.local@VMware Identity Manager
After filling in the required username field and password field, we are ready to select “Test”
The following message will show up:
"Connection is successful. Unable to check user privileges"
This indicates that this configuration can be saved, so press “Save”.
There is only one way to find out if the integration with vRealize Operations Manager works, by creating an alert from a query in Loginsight and sending it to vRealize Operations Manager.
A new alert should be waiting for you there 🙂
