This blog post was originally shared on virtuallyghetto.com.
A few years back I submitted a PowerCLI Feature Request (PCLI-44) via the public PowerCLI Ideas platform, requesting a PowerCLI module that would support vCenter Single Sign-On (SSO) administrative functionality such as managing SSO Users, Groups, Password, Lockout Policy and Identity Sources.
This was one of the most popular Ideas voted on by the PowerCLI community, which also stressed the need for such functionality, something I came across on a regular basis in some of the automation I was writing. In the past, I have written numerous blog articles on working around this limitation as the vCenter SSO Admin APIs were not and leveraging Guest Operations API, one could still automate various SSO operations using the various SSO CLIs that are included within the vCenter Server Appliance (VCSA).
Today, I received a notification from the PowerCLI Ideas platform that this feature has “Shipped”, and it looks like the PowerCLI team has just released an Open Source Module called VMware.vSphere.SsoAdmin that includes the following 12 cmdlets:
- Add-ActiveDirectoryIdentitySource
- Connect-SsoAdminServer
- Disconnect-SsoAdminServer
- Get-SsoGroup
- Get-SsoLockoutPolicy
- Get-SsoPasswordPolicy
- Get-SsoPersonUser
- Get-SsoTokenLifetime
- New-SsoPersonUser
- Remove-SsoPersonUser
- Set-SsoLockoutPolicy
- Set-SsoPasswordPolicy
- Set-SsoPersonUser
- Set-SsoTokenLifetime
To get started with the new PowerCLI SSO Module, take a look at the instructions below.
Pre-Req:
- PowerShell 5.1 (or newer) + PowerCLI 12.0 Installed
Step 1 – Clone using git command-line or download the PowerCLI Example Repo to your local system
Step 2 – Change into the modules/VMware.vSphere.SsoAdmin directory and then import the SSO module using:

```powershell
Import-Module ./VMware.vSphere.SsoAdmin.psd1
```
Step 3 – Use the Connect-SsoAdminServer to connect to your vCenter Server. If you have a self-signed certificate, you will need to pass in the -SkipCertificateCheck parameter.

```powershell
Connect-SsoAdminServer -Server vcsa.primp-industries.com -User administrator@vsphere.local -Password VMware1! -SkipCertificateCheck
```
Once connected, you can start using any of the SSO cmdlets. Here is an example retrieving the SSO Password and Lockout Policies:

```powershell
Get-SsoPasswordPolicy
Get-SsoLockoutPolicy
```
Here is an example of creating a new SSO User and then r

```powershell
New-SsoPersonUser -User lamw -Password 'MyStrongPa$$w0rd' -EmailAddress 'lamw@primp-industries.com' -FirstName 'William' -LastName 'Lam'
Get-SsoPersonUser -Name lamw -Domain vsphere.local
Remove-SsoPersonUser -User (Get-SsoPersonUser -Name lamw -Domain vsphere.local)
```
To disconnect from the SSO endpoint, you will need to run the following command:

```powershell
Disconnect-SsoAdminServer -Server $Global:DefaultSsoAdminServers[0]
```
For detailed documentation on each cmdlet, simply use the Get-Help function and specify the name of the cmdlet to get more information. If you have been waiting for this functionality in PowerCLI, be sure to give this a try and hopefully with positive feedback, we may see this module as part of the official PowerCLI release in the future!
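An added example (not from the original post or the PowerCLI project) that runs the connect, query, disconnect flow above as a policy check: it prompts for the password instead of placing it on the command line, leaves out -SkipCertificateCheck so the server certificate is validated, and compares both policies against a baseline. The hostname, the baseline numbers, the helper Test-PolicyBound and the policy property names (MinLength, ProhibitedPreviousPasswordsCount, MaxFailedAttempts, FailedAttemptIntervalSec) are assumptions; confirm the property names with Get-Member. It assumes the module has already been imported as in Step 2.

```powershell
# Added example: audit the SSO password and lockout policies against a baseline.
$Server = 'vcsa.example.com'   # placeholder hostname (assumption)

# Baseline values are illustrative assumptions; replace with your own standard.
# Property names are assumed; a missing one is reported, not silently skipped.
$PasswordMin = @{ MinLength = 12; ProhibitedPreviousPasswordsCount = 5 }
$LockoutMin  = @{ FailedAttemptIntervalSec = 180 }
$LockoutMax  = @{ MaxFailedAttempts = 5 }

function Test-PolicyBound {   # hypothetical helper, not part of the module
    param($Policy, [string]$PolicyName, [hashtable]$Bounds,
          [ValidateSet('Min', 'Max')][string]$Kind)
    foreach ($name in $Bounds.Keys) {
        $prop = $Policy.PSObject.Properties[$name]
        if ($null -eq $prop) {
            $actual = $null
            $status = 'PropertyNotFound'
        } else {
            $actual = $prop.Value
            $ok = if ($Kind -eq 'Min') { $actual -ge $Bounds[$name] }
                  else                 { $actual -le $Bounds[$name] }
            $status = if ($ok) { 'Pass' } else { 'Fail' }
        }
        [pscustomobject]@{
            Policy = $PolicyName; Setting = $name; Actual = $actual
            Bound  = "$Kind $($Bounds[$name])"; Status = $status
        }
    }
}

# Prompt for credentials so the password never appears in the script or history.
$cred = Get-Credential -Message "SSO administrator for $Server"

# -SkipCertificateCheck is omitted on purpose: the connection fails unless the
# vCenter certificate chains to a CA this machine trusts.
Connect-SsoAdminServer -Server $Server -User $cred.UserName `
    -Password $cred.GetNetworkCredential().Password | Out-Null
try {
    $passwordPolicy = Get-SsoPasswordPolicy
    $lockoutPolicy  = Get-SsoLockoutPolicy
    $findings = @(
        Test-PolicyBound $passwordPolicy 'Password' $PasswordMin 'Min'
        Test-PolicyBound $lockoutPolicy  'Lockout'  $LockoutMin  'Min'
        Test-PolicyBound $lockoutPolicy  'Lockout'  $LockoutMax  'Max'
    )
    $findings | Sort-Object Status, Policy | Format-Table -AutoSize
} finally {
    # Always release the session, even if a query above throws.
    Disconnect-SsoAdminServer -Server $Global:DefaultSsoAdminServers[0]
}
```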
Hi,
Thank you for your great posts.
Are there any plans to enable the usage of -Credential with Connect-SsoAdminServer?