When you integrate vRealize with WS1 Access, users are authenticated using the OAuth method. The problem is that the application won't appear in the application catalog: an administrator needs to go to the vROps login page, select the right identity, then click on Redirect.
Get Application Information
To add the application to the application catalog, you first need to get the information of the OAuth client.
Go to Catalog > Settings > Remote App Access
Select the OAuth client corresponding to vROps, you can see if it’s the right one by looking at the Redirect URI
Take note of the following: Client ID and the Redirect URI
You also need to get the information from vROps on how the integration has been done.
Build the URL
The URL is as follows:
https://ACCESSHOST/acs/t/TENANT/authorize?response_type=code&client_id=CLIENTID&redirect_uri=https%3A%2F%2FREDIRECTURI%2Fui%2FvidmClient%2Fvidm%2F&param0=acs&param1=TENANT&param2=authorize
So from the information above, my URL is going to be:
https://demo.vmwareidentity.eu/acs/t/DEMO/authorize?response_type=code&client_id=62180524-b4e5-48e4-80dd-13c92658c88a&redirect_uri=https%3A%2F%2Fvrops.domain.tld%2Fui%2FvidmClient%2Fvidm%2F&param0=acs&param1=DEMO&param2=authorize
Add the vROps as Web Link
The next step is to add vROps as a Web Link in the application catalog.
Paste the URL built earlier.
Save and assign the right population of users.
Now the app is available directly in the application catalog for admins and users. This is perfect for users with limited access who might not know the URL by heart.
Caveat
One caveat of this method is that the authentication policy is the one for the portal: because it is a web link, there is no step-up possible and no specific policy for the application.
The other is that the URL might change: if the vROps configuration changes, the link will need to be updated, and as this is not part of the default install, it might be forgotten.
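As an added example (not part of the original post and not VMware code), this Python script builds the web link in the layout given under Build the URL and checks a stored link against the Client ID and vROps host noted earlier, which catches the stale-link caveat above. The function names are hypothetical, and it assumes the redirect path is always /ui/vidmClient/vidm/ as in the template.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Path taken from the URL template on this page; assumed fixed for vROps.
VROPS_REDIRECT_PATH = "/ui/vidmClient/vidm/"


def expected_params(tenant, client_id, vrops_host):
    """Query parameters of the authorize link, in the order the template uses."""
    redirect_uri = f"https://{vrops_host}{VROPS_REDIRECT_PATH}"
    return [("response_type", "code"), ("client_id", client_id),
            ("redirect_uri", redirect_uri), ("param0", "acs"),
            ("param1", tenant), ("param2", "authorize")]


def build_authorize_url(access_host, tenant, client_id, vrops_host):
    """Assemble the web-link URL, percent-encoding every reserved character."""
    query = urlencode(expected_params(tenant, client_id, vrops_host),
                      quote_via=quote, safe="")
    return f"https://{access_host}/acs/t/{tenant}/authorize?{query}"


def check_web_link(link, access_host, tenant, client_id, vrops_host):
    """Return a list of mismatches between a stored link and the noted values."""
    parts = urlsplit(link)
    query = parse_qs(parts.query, keep_blank_values=True)
    problems = []
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme!r}, expected 'https'")
    if parts.hostname != access_host.lower():
        problems.append(f"host is {parts.hostname!r}, expected {access_host!r}")
    if parts.path != f"/acs/t/{tenant}/authorize":
        problems.append(f"path is {parts.path!r}")
    for key, want in expected_params(tenant, client_id, vrops_host):
        got = query.get(key, [])
        if got != [want]:  # missing, duplicated or changed parameter
            problems.append(f"{key}: expected {want!r}, found {got!r}")
    return problems


if __name__ == "__main__":
    # Values from the worked example on this page.
    args = ("demo.vmwareidentity.eu", "DEMO",
            "62180524-b4e5-48e4-80dd-13c92658c88a", "vrops.domain.tld")
    link = build_authorize_url(*args)
    print(link)
    print(check_web_link(link, *args) or "link matches the OAuth client")
```

Run the check against the link stored in the catalog after any change to the vROps integration; an empty list means the link still matches the OAuth client.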