Organization Administration

User and permission management, administration, and settings at the organizational level

  3 minute read  

Managing Access

In the Administration menu, you can access an overview of users, groups, and account settings.

Here, you can add users to your organization and manage their permissions (roles).

Users

User Overview

In the Access Control section, you will find the subsections Users, Groups, and Roles.

Through the Users tab and the New button, you can add additional users for logging into vCloud Director.

Screenshot: User Overview

Create User

This dialog allows you to create a new user.

User data is stored in the vCD database, making it a local user.

Screenshot: Create User

The following parameters can be configured:

ParameterDescription
UsernameLogin username
PasswordLogin password
Confirm PasswordRepeat the password to avoid typos
EnableActivate or deactivate the user account upon creation. Only active users can log in successfully.
Available RolesAssign user permissions using a predefined role
Full NameFull name of the user (optional)
Email AddressEmail address of the user (optional)
Phone NumberPhone number of the user (optional)

Groups

In Groups, you can define groupings for users. This is intended for imported groups from an IdP.

Roles

Predefined roles are available under the Roles section. A role always includes a set of permissions for a user or group.

Roles Overview

Using the New button, you can create additional custom roles that can be assigned to new users.
Screenshot: Roles Overview

New Role

Permissions can be customized individually for each menu item.
Screenshot: New Role

Sharing Instances

With users configured as vApp Users, access to individual vApps or VMs can be restricted.

Create a user to share the VM with, or ensure that the user already exists.

Select OrgVDC

Select the desired OrgVDC.
Screenshot: Select OrgVDC

Select VM

Choose the desired VM.
Screenshot: Select VM

Configure Sharing

Navigate to the Sharing page in the VM details view and click on Edit.
Screenshot: Configure Sharing

This procedure works similarly for sharing with a group or sharing a vApp.

Guest Customization

In the Administration section under Guest Customization, you can configure a global domain join for Windows VMs for the entire organization, removing the need to configure this individually for each VM.

View Guest Customization

Select the Guest Customization option in the administration area and click Edit.
Screenshot: View Guest Customization

Edit Guest Customization

In the dialog that opens, you can enter the necessary credentials for a domain join.
Screenshot: Edit Guest Customization

Policies

As an organization administrator, you can configure policies and settings for the organization. These influence the behavior and capacity of the entire organization.

View and Configure Policies

In the Policies section of the Administration area, you can configure defaults and limits for your organization.
Screenshot: View and Configure Policies

The following parameters can be adjusted:

  • vApp Leases
    • Maximum Runtime Lease: Set the default expiration time (in hours or days) for a vApp before the expiration action is executed. By default, the setting is Never Expires.
    • Runtime Expiration Action: Define the action to take upon expiration, such as Suspend or Power Off. Note: Only running VMs incur compute costs.
    • Maximum Storage Lease: Set the expiration time for storage used by powered-off vApps (disks). Actions can include moving or permanently deleting storage. Default: Never Expires.
    • Clean Up Storage: Options include Move Storage or Delete.
  • vApp Template Lease
    • Maximum Storage Lease: Default is Never Expires. You can define hours or days before the expiration action is executed.
    • Clean Up Storage: Options include Move Storage or Delete.
  • Default Quotas
    • Quota for all VMs: Limit the number of VMs that can be created.
    • Quota for running VMs: Limit the number of running VMs.
  • Password Policies
    • Account Lockout: Enable or disable account lockout to protect against unauthorized access attempts.
    • Invalid Login Attempts Before Lockout: Set the number of failed login attempts allowed before the user is locked out.
    • Lockout Interval: Define the duration of the lockout before the account is automatically unlocked.
Last modified 09.12.2024: add english pcv orgadmin (379eb07)