Enabling and managing Identity and Access Management
As of 28 March 2024, VMware Shared is not available for new deployments, and support for existing instances ended on 28 February 2025. As of 4 March 2025, all VMs are powered off, and on 6 April 2025 all customer and management data will be deleted. To avoid permanent deletion of your VMware Shared backups and to migrate your VMware Shared resources to IBM Cloud® for VMware Cloud Foundation as a Service, open an IBM Support ticket by 6 April 2025. For more information, see End of Support for VMware Shared deployments.
You can optionally enable IBM Cloud® Identity and Access Management (IAM) for your VMware Cloud Director Organization. For new organizations, IAM is enabled by default. For existing organizations, you can set or reset the IAM enablement from the virtual data center site details page.
Before you begin
Review roles and assign resource access for IBM Cloud for VMware Solutions Shared service instances. For more information, see Managing IAM access for VMware Solutions and Roles and permissions for VMware Cloud Director.
Responsibilities when you use Identity and Access Management
Review the following considerations to understand your responsibilities and IBM responsibilities for managing IAM.
IBM responsibilities
- Configure the IAM integration with the VMware Cloud Director console by using OpenID Connect (OIDC) for new site deployments.
- Populate the initial roles and permissions in the VMware Cloud Director console that map to the IAM roles. For more information, see Roles and permissions for VMware Cloud Director.
Your responsibilities
- Maintain and manage the IAM integration with VMware Cloud Director as desired.
- Remove or disconnect the IAM integration with VMware Cloud Director if desired.
- Customize the populated roles and permissions in VMware Cloud Director as desired.
- Update the roles and permissions, including the IBM-populated ones, as new permissions are provided in VMware Cloud Director.
Procedure to enable IAM
Enable IAM for existing organizations or reset the IAM integration if necessary.
- In the VMware Solutions console, click Resources > VMware Shared from the left navigation panel.
- In the VMware Shared table, click the site name to open the site properties page.
- Click the Summary tab.
- From the Site details pane, click Set IAM integration.
Results after you enable IAM
The IAM integration status can have one of the following values.
Status | Description |
---|---|
Integration pending | The IAM integration is in progress. |
Integration incomplete | The integration is not successful. Open an IBM Support ticket by following the steps in Getting help and support. |
Integration enabled | The IAM integration was previously enabled for the organization. You can reset the integration, if needed. |
Resetting an IAM integration
Before you can reset the IAM integration, you must delete all OpenID Connect (OIDC) users and imported groups with the OIDC type, and then delete the OIDC provider. For more information, see Deleting the OpenID Connect configuration in your VMware Cloud Director Organization.
Single sign-on availability
After the IAM integration is enabled, you can use single sign-on to log in to the VMware Cloud Director console.
- In the IBM Cloud for VMware Solutions console, click VMware Cloud Director console.
- From the login pane, click SIGN IN WITH SINGLE SIGN-ON to log in to the console.