A few years back I had submitted a PowerCLI Feature Request (PCLI-44) via the public PowerCLI Ideas platform requesting for a PowerCLI module that would support vCenter Single Sign-On (SSO) Administrative functionality such as managing SSO Users, Groups, Password, Lockout Policy and Identity Sources.
This was one of the most popular Idea voted by the PowerCLI community, which also stressed the need for such functionality which I came across on a regular basis on some of the Automation I was writing. In the past, I have written numerous blog articles in working around this limitation as the vCenter SSO Admin APIs were not and leveraging Guest Operations API, one could still automate various SSO operations using the various SSO CLIs that is included within the vCenter Server Appliance (VCSA).
Today, I received a notification from the PowerCLI Ideas platform that this feature as "Shipped" and it looks like the PowerCLI team has just released an Open Source Module called VMware.vSphere.SsoAdmin that includes the following 12 cmdlets:
- Add-ActiveDirectoryIdentitySource
- Add-GroupToSsoGroup
- Add-LDAPIdentitySource
- Add-UserToSsoGroup
- Connect-SsoAdminServer
- Disconnect-SsoAdminServer
- Get-IdentitySource
- Get-SsoAuthenticationPolicy
- Get-SsoGroup
- Get-SsoLockoutPolicy
- Get-SsoPasswordPolicy
- Get-SsoPersonUser
- Get-SsoTokenLifetime
- New-SsoGroup
- New-SsoPersonUser
- Remove-GroupFromSsoGroup
- Remove-IdentitySource
- Remove-SsoGroup
- Remove-SsoPersonUser
- Remove-UserFromSsoGroup
- Set-LDAPIdentitySource
- Set-SsoAuthenticationPolicy
- Set-SsoGroup
- Set-SsoLockoutPolicy
- Set-SsoPasswordPolicy
- Set-SsoPersonUser
- Set-SsoSelfPersonUserPassword
- Set-SsoTokenLifetime
To get started with the new PowerCLI SSO Module, take a look at the instructions below.