At this point you should have finished the three prior steps:
- Part 1: Deploy and Configure the Identity Appliance
- Part 2: Deploy and Configure the vCloud Automation Center Appliance
- Part 3: Installing IaaS Components

Later parts of this series:
- Part 5: Agent, Endpoint, and Group Configuration
- Part 6: Create and Publish Blueprints
- Part 7: Setup vCO, Endpoints, and Advanced Services
The next step involves setting up the user accounts and tenants. By default, we have already created the default tenant at https://vcac-appliance-hostname.domain.name/shell-ui-app (in my case https://vcac-identity.kendrickcoleman.c0m/shell-ui-app), which can be accessed with the [email address obscured] SSO account.
vCAC can run as a single-tenant or multi-tenant application. A tenant is an organizational unit within a vCloud Automation Center deployment. A tenant can represent a business unit within an enterprise or a company that subscribes to cloud services from a service provider. Each tenant has a unique URL to the vCloud Automation Center console. The default tenant uses the URL specified above, while additional tenants in a multi-tenant setup are given a URL such as https://vcac-appliance-hostname.domain.name/shell-ui-app/org/mycompany. The default tenant is the only tenant that supports native Active Directory authentication; all other tenants must use Active Directory over LDAP or OpenLDAP.
In a single-tenant configuration, everything is handled at the default instance. This includes system-wide configurations. Tenant administrators can manage users and groups, configure tenant-specific branding, notifications, business policies, and catalog offerings. The system administrator account is always [email address obscured], while the tenant administrator must be a user in one of the tenant identity stores, such as username@mycompany.com.
In a multi-tenant environment, the system administrator creates new tenants for each organization that uses the same vCloud Automation Center instance. Tenant users log in to the vCloud Automation Center console at a URL specific to their tenant. Since we are only going to be exploring a single-tenant configuration, please read more about multi-tenancy in "Comparison of Single-Tenant and Multi-Tenant Deployments" in the official VMware documentation.
There are certain roles and functions to understand within vCAC:
- System Administrator: performs the initial configuration of single sign-on and basic tenant setup, including designating at least one identity store and a tenant administrator for each tenant.
- Tenant Administrator: creates custom groups within their own tenant and adds both users and groups defined in the identity store to custom groups.
Configure the Default Tenant
1. Open your browser to https://vcac-appliance-hostname.domain.name/shell-ui-app (in my case https://vcac-identity.kendrickcoleman.c0m/shell-ui-app) and log in with [email address obscured] and the SSO password.
2. Click on the vsphere.local account
3. Go to the identity stores tab and click the green "+".
4. I tried using the "Native Active Directory" configuration and couldn't figure it out. However, I was able to get the standard Active Directory configuration working, which will be used for a multi-tenant setup. I used AD Explorer from Microsoft Tools to help me figure out the distinguished name for my user because you can't use the User name.
5. Go over to the Administrator tab and add the groups you want to have Tenant Administrator access as well as Infrastructure Administrator rights. I just gave them both Domain Admins to make life simple.
6. Click Update to finish
7. Verify it's working by logging out. Now you have to log in with the user's FQDN, such as [email address obscured], and the password.
8. We should see this screen if it's successful:
Configuring a New Tenant:
1. This step will be exactly the same as before, except we need to create a new tenant from the green "+" symbol.
2. Give the tenant a name such as "engineering" and a URL name that its users will use to access it. This URL will translate to https://vcac-identity.kendrickcoleman.c0m/shell-ui-app/org/engineering in my case.
3. Follow steps 3-6 in the previous section to create the new Active Directory or OpenLDAP identity store and assign the groups for Tenant and Infrastructure Admin purposes.
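The distinguished-name requirement from step 4 of the default-tenant procedure, which step 3 above reuses for each new tenant, can be checked before the values go into the identity store form. This is an added example, not code from the original post or from VMware; the function and argument names are hypothetical and the sample DNs are constructed.

```python
# Added example. Argument names are hypothetical; the sample DNs are constructed.

def parse_dn(dn):
    """Split a distinguished name on unescaped commas into (attr, value) pairs."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = ch == "\\" and not escaped  # a backslash escapes the next char
        else:
            rdns.append(cur)
            cur = ""
    rdns.append(cur)
    pairs = []
    for rdn in rdns:
        attr, sep, value = (p.strip() for p in rdn.partition("="))
        if not (sep and attr.replace("-", "").isalnum() and value):
            raise ValueError(f"{dn!r} is not a distinguished name")
        pairs.append((attr.lower(), value.lower()))
    return pairs

def dns_domain(dn):
    """DNS domain spelled out by the DC= components of a DN."""
    return ".".join(value for attr, value in parse_dn(dn) if attr == "dc")

def is_under(dn, base):
    """True when dn sits at or below base in the directory tree."""
    a, b = parse_dn(dn), parse_dn(base)
    return len(a) >= len(b) and a[len(a) - len(b):] == b

def check_identity_store(domain, login_dn, group_base_dn, admin_group_dn):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    for label, dn in (("login user", login_dn), ("group search base", group_base_dn),
                      ("admin group", admin_group_dn)):
        try:
            if dns_domain(dn) != domain.lower():
                problems.append(f"{label}: DC components do not spell {domain}")
        except ValueError:
            problems.append(f"{label}: needs a DN (CN=...,DC=...), got {dn!r}")
    if not problems and not is_under(admin_group_dn, group_base_dn):
        problems.append("admin group: outside the group search base, so it will not be found")
    return problems

if __name__ == "__main__":
    base = "DC=mycompany,DC=com"
    # A bare user name is rejected; the form wants the full DN.
    print(check_identity_store("mycompany.com", "svc-vcac", base,
                               "CN=Domain Admins,CN=Users," + base))
```

The last check also catches a group search base that is too narrow to contain the group you plan to grant Tenant Administrator or Infrastructure Administrator rights.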