Permissions management with EntraID as the IdP

RogerBad posted Sep 06, 2024 09:28 AM

We run vCenter 8.0 u2 and u3, and we migrated to use EntraID as our identity provider...
Does anybody have experience with how to query SCIM-provisioned users via PowerCLI?

Trying to assign permissions with

New-ViPermission -Entity <<Datacenter>> -Principal <<DOMAIN\user>>

fails with the error (Value cannot be found for the mandatory parameter Principal).

When trying to query the provisioned users with Get-VIAccount -Domain <<DOMAIN>> -User <<user>>, I get the following error:
(VIAccount with id 'USER@DOMAIN' was not found using the specified filter(s).)

Is anybody experiencing the same issues? Do I have to use a different command set?

Any help would be appreciated.

LucD

Did you also try with user@DOMAIN?

RogerBad

Yes, I have tried using the email directly, without success.

Broadcom support told us that, with Entra Federation, the intention is to permission per user instead of using security groups, but if this is not possible to automate, that will be very, very painful.

Would you have another way than PowerCLI at hand to solve this?

LucD

I'm afraid I have not.

RogerBad

I opened a support ticket with Broadcom as well.

Would be very good to solve this, will be hard to get adoption of EntraID otherwise.

Thanks a lot, LucD