User guide
UI name    CLI name (Provider.cfg)    Description and requirements
Note: Once this value is set for a provider, it cannot be changed, because the
tenants that are using this provider may already have role assignments and
permissions configured using group names in a format using the current attribute.
Group Whitelist    whitelist    Optional. One or more group names as defined by
the authentication provider. This setting will filter the group membership
information that ViPR retrieves about a user.
- When a group or groups are included in the whitelist, it means that ViPR will
  be aware of a user's membership in the specified group[s] only. Multiple
  values (one per line in ViPR UI, comma-separated in CLI and API) and
  wildcards (for example MyGroup*,TopAdminUsers*) are allowed.
- Blank value (default) means that ViPR will be aware of any and all groups
  that a user belongs to. Asterisk (*) is the same as blank.
Example:
UserA belongs to Group1 and Group2.
If the whitelist is blank, ViPR knows that UserA is a member of Group1 and Group2.
If the whitelist is "Group1", ViPR knows that UserA is a member of Group1, but
does not know that UserA is a member of Group2 (or of any other group).
Use care when adding a whitelist value. For example, if mapping a user to a
tenant is based on group membership, then ViPR must be aware of the user's
membership in the group.
To restrict access to a tenant to users of certain group(s) only, one must:
- add these group(s) to the tenant user mapping (using the CLI command
  viprcli tenant add-group), so the tenant is configured to accept only users
  of these group(s).
- add these group(s) to the whitelist, so that ViPR is authorized to receive
  information about them.
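
The following Python sketch is an added example, not code from ViPR or from this guide. It models the whitelist filter described above and reports tenant-mapping groups that a proposed whitelist would hide, which is the misconfiguration the caution warns about. Assumptions: only `*` acts as a wildcard, matching is case-sensitive, and the function names, tenant names and sample data are hypothetical.

```python
import re

def parse_whitelist(raw):
    """Split a whitelist value: one entry per line (UI) or comma-separated (CLI/API)."""
    entries = [e.strip() for e in re.split(r"[,\n]", raw or "")]
    return [e for e in entries if e]

def _pattern(entry):
    # Assumption: only '*' is a wildcard; every other character is literal
    # and matching is case-sensitive.
    return re.compile(".*".join(re.escape(part) for part in entry.split("*")))

def visible_groups(user_groups, whitelist):
    """Return the subset of a user's groups that survives the whitelist filter."""
    if not whitelist or "*" in whitelist:  # blank and '*' both mean "all groups"
        return set(user_groups)
    patterns = [_pattern(e) for e in whitelist]
    return {g for g in user_groups if any(p.fullmatch(g) for p in patterns)}

def hidden_mapping_groups(tenant_mappings, whitelist):
    """Per tenant, list mapped groups that the whitelist would hide from ViPR."""
    problems = {}
    for tenant, groups in tenant_mappings.items():
        hidden = sorted(set(groups) - visible_groups(groups, whitelist))
        if hidden:
            problems[tenant] = hidden
    return problems

# Constructed sample data (not from a real deployment).
USER_A = ["Group1", "Group2"]
MAPPINGS = {"TenantA": ["Group1"], "TenantB": ["Group2", "MyGroupOps"]}

if __name__ == "__main__":
    proposed = parse_whitelist("Group1, MyGroup*")
    print("UserA groups visible:", visible_groups(USER_A, proposed))
    print("Mapped groups hidden by whitelist:", hidden_mapping_groups(MAPPINGS, proposed))
```

An empty result from `hidden_mapping_groups` means every group used in a tenant user mapping is still visible under the proposed whitelist.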
Initial Configuration of ViPR Virtual Appliance
Authentication provider settings 43