When VMware Cloud Foundation (VCF) Single-Sign On (SSO) is configured with the Active Directory over LDAP Identity Provider, VCF Operations will periodically synchronize the users and groups from your identity source.
By default, the sync frequency will default to once per week but it is user configurable to daily, hourly and even down to every 15 minutes, which is the lowest configurable frequency that is supported as shown in the screenshot below.
For users that require a one time sync, VCF Operation does provide a manual sync function that you can invoke under the configured identity source as demonstrated in the screenshot below.
Since the automated sync frequency ca not go below 15 minutes, the manual sync can be a viable workaround. If you need automate and schedule the manual sync, you may want automate it instead of manually invoking the function in the VCF Operations UI ...
To help with this automation, I have created the following shell script called sync_vcf_operations_active_directory_over_ldap_idp.sh which will allow you to invoke the private VCF Operations API to perform the identity source sync, which is exactly how the VCF Operations UI is performing this operation. Once you have populated the required credentials and FQDN of your VCF Operations instance, you can simply run the script as it does not take any parameters and will automatically perform the sync function, which you can confirm by looking at the last sync status time.
Note: In a future release of VCF Operations, the identity source sync functionality will have public APIs and the ability to configure a lower sync frequency will also be possible.
Thank you!