If your organization defines an OAuth identity provider in its OrgOAuthSettings, users managed by that identity provider are created implicitly when they first log in to the organization. If you want a user or group to exist in the organization before first login, or to assign the user or group a specific role, you can import a user or group from an OAuth identity provider explicitly.
Unlike imports from an LDAP service, imports from an OAuth identity provider do not actually import information from an external database. Instead, the operation creates a mapping between a user or group defined in your organization and a user or group defined by your organization's OAuth provider. The vCloud Director database stores these mappings, but does not store data retrieved from the OAuth provider.
1. Create a User or Group element that identifies a user or group defined by your organization's OAuth provider.
2. Include the following line in the User or Group element.
   <ProviderType>OAUTH</ProviderType>
3. POST the element to the organization's users or groups link, as the example below does for a user.
This example imports a user from an OAuth identity provider and assigns the user the Defer to Identity Provider role. See Predefined Roles and Their Rights.
POST https://vcloud.example.com/api/admin/org/26/users
Content-Type: application/vnd.vmware.admin.user+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<User
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="user@example.com"
   type="application/vnd.vmware.admin.user+xml">
   <IsEnabled>true</IsEnabled>
   <ProviderType>OAUTH</ProviderType>
   <Role
      href="https://vcloud.example.com/api/admin/org/26/role/d26caa7b-d8b2-395b-9615-4cd1903a65c1" />
</User>
The response is a User element, most of which is not shown in the example. The response includes a link that an administrator can use to edit user metadata, and additional elements, such as IsDefaultCached and StoredVmQuota, inherited from organization defaults. It also includes a NameInSource element, which contains the user's name in the encoding used by the identity provider.
201 Created
Content-Type: application/vnd.vmware.admin.user+xml
...
<User
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="user@example.com"
   id="urn:vcloud:user:85"
   type="application/vnd.vmware.admin.user+xml"
   href="https://vcloud.example.com/api/admin/user/85">
   <Link
      rel="edit"
      type="application/vnd.vmware.admin.user+xml"
      href="https://vcloud.example.com/api/admin/user/85" />
   <FullName>Imported User Full Name</FullName>
   <EmailAddress>user@example.com</EmailAddress>
   <IsEnabled>true</IsEnabled>
   <ProviderType>OAUTH</ProviderType>
   <NameInSource>\F4\D3\42\8E\6A\BC\D3</NameInSource>
   <IsAlertEnabled>false</IsAlertEnabled>
   <IsDefaultCached>false</IsDefaultCached>
   <StoredVmQuota>0</StoredVmQuota>
   <DeployedVmQuota>0</DeployedVmQuota>
   <Role
      type="application/vnd.vmware.admin.role+xml"
      name="Defer to Identity Provider"
      href="https://vcloud.example.com/api/admin/org/26/role/d26caa7b-d8b2-395b-9615-4cd1903a65c1" />
   <GroupReferences />
</User>