7.4

2 Change directories to /usr/local/horizon/conf and create a file called domain_krb.properties.
3 Edit the domain_krb.properties file to add the list of domain-to-host values. Add the information as <AD Domain>=<host:port>, <host2:port2>, <host2:port2>.
For example, enter the list as example.com=examplehost.com:636, examplehost2.example.com:389
4 Change the owner of the domain_krb.properties file to horizon and the group to www. Enter chown horizon:www /usr/local/horizon/conf/domain_krb.properties.
5 Restart the service. Enter service horizon-workspace restart.
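As an added example (not VMware's code), the following Python check parses domain_krb.properties content in the format from step 3 and reports malformed entries before the service is restarted. The function names, the comment handling, and the review of port 389 entries (389 is the standard unencrypted LDAP port, 636 is LDAPS) are assumptions of this example; the sample content is constructed.

```python
import re

# One "<host:port>" item; the host is a DNS name, the port is 1-5 digits.
ENTRY_RE = re.compile(r"^([A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?):([0-9]{1,5})$")
DOMAIN_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")

# Constructed sample content, not taken from a real deployment.
SAMPLE = """\
example.com=examplehost.com:636, examplehost2.example.com:389
corp.example.com=dc1.corp.example.com:636, dc2.corp.example.com
lab.example.com=dc1.lab.example.com:99999
"""

def parse_domain_krb(text):
    """Return (mapping, problems); problems are (line number, message)."""
    mapping, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":   # assumption: properties-style comments
            continue
        domain, sep, value = line.partition("=")
        domain = domain.strip().lower()
        if not sep or not DOMAIN_RE.match(domain):
            problems.append((lineno, "expected <AD Domain>=<host:port>, ..."))
            continue
        if domain in mapping:
            problems.append((lineno, "duplicate domain " + domain))
            continue
        hosts = mapping.setdefault(domain, [])
        for item in (i.strip() for i in value.split(",")):
            m = ENTRY_RE.match(item)
            if m and 1 <= int(m.group(2)) <= 65535:
                hosts.append((m.group(1), int(m.group(2))))
            else:
                problems.append((lineno, "bad host:port entry " + repr(item)))
    return mapping, problems

def port_389_entries(mapping):
    """Hosts listed on 389, the standard unencrypted LDAP port (636 is LDAPS)."""
    return [(d, h) for d, hosts in mapping.items() for h, p in hosts if p == 389]

if __name__ == "__main__":
    parsed, issues = parse_domain_krb(SAMPLE)
    for lineno, msg in issues:
        print("line %d: %s" % (lineno, msg))
    for domain, host in port_389_entries(parsed):
        print("review: %s -> %s uses port 389" % (domain, host))
```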
Configure Just-in-Time User Provisioning
You can configure Just-in-Time (JIT) provisioning to support adding users without syncing from your Active Directory.
To support Just-in-Time provisioning, you must add a third-party identity provider and then configure a connection to it within your vRealize Automation deployment to integrate Directories Management with other SSO providers through the SAML protocol. In addition, you must create a new directory with the appropriate name, such as JIT Directory.
When you enable Just-in-Time provisioning, you can add Just-in-Time users to a designated custom group. To support this functionality, create a custom group with the appropriate members. See Add Just-in-Time Users with Custom Groups and Rules.
Note: As a best practice, do not configure Just-in-Time provisioning on the default vsphere.local tenant.
Prerequisites
Configure an appropriate third-party identity provider for use with JIT provisioning.
Configuring vRealize Automation
VMware, Inc.