Add a tenant

After creating an alias for the primary tenant in VMware Workspace ONE Access, you add a tenant and associate it with a VMware Aria Suite product such as VMware Aria Automation, so that the tenant can use the product services.

In the API request to create a tenant, you have the option to associate the tenant with a VMware Aria Suite product. For example, you can create a tenant first then associate it with the product later. The following procedure shows how to create a tenant without product association. An example below the procedure shows how to create a tenant and associate it with VMware Aria Automation in the same request.

Prerequisites

Verify that all general prerequisites have been satisfied. See Tenant management using VMware Aria Suite Lifecycle APIs.
Verify that all prerequisites for adding a tenant by using the VMware Aria Suite Lifecycle UI have been satisfied. See Add Tenants.
Verify that you have the following input values required to create the tenant:
- The name of the tenant that you choose.
- If associating it with a product, ID of the environment with the product where the tenant will be assigned. See GUID-65248C90-0741-49F0-B606-3BE956A82244.html#GUID-65248C90-0741-49F0-B606-3BE956A82244.
- vidmCludDto Provide details for the administrator of the tenant that you are creating.
Optional input values include:
- migratePreludeOAuthClients Defaults to true. If false, existing active directories are not migrated when the tenant is created. For example, set this value to false if you want to associate the tenant with a VMware Aria Suite product later.
- vidmDclDto This data transfer object captures directory information such as names and passwords for AD in VMware Workspace ONE Access. Provide this information if you want to add directories in the primary tenant to the tenant that you are creating.

Procedure

Create a tenant named new_Tenant.

curl -X POST \
  '$url/lcm/authzn/api/v2/idp/tenants/onboard/new_Tenant' \
  -H 'Authorization: Basic YWRtaW5AbG9jYWw6VGhpc0lzUGFzc3dvcmQ=' \
  -H 'Content-Type: application/json' \
  -d '{
    "migratePreludeOAuthClients": false,
    "vidmCludDto": {
      "email": "<tenant_admin_email>",
      "familyName": "<tenant_admin_family_name>",
      "givenName": "<tenant_admin_given_name>",
      "password": "<tenant_admin_password>",
      "userName": "<tenant_admin_username>"
    }',
    "vidmDclDto": {
      "adOverLdapDirectories": [
        {
          "directoryBindPassword": "<AD_password>",
          "directoryName": "<AD_name>"
        }
      ],
      "adWithIwaDirectories": [
        {
          "directoryBindPassword": "<AD_bind_password>",
          "directoryName": "<AD_name>",
          "domainAdminPassword": "<AD_admin_password>"
        }
      ]
    }
  }' | jq "."

A snippet of the response provides a request ID that you can use to check the status of the request.

{
  "requestId": "a0d8d8cd-ac87-4b5c-ba8b-7a0173c56b55"
}

Assign the variable for the requestId.

requestId = "a0d8d8cd-ac87-4b5c-ba8b-7a0173c56b55"

Use the requestID to track your request.

curl -X GET '$url/lcm/authzn/api/v2/idp/tenants/requests/$requestId' -H 'Authorization: Basic YWRtaW5AbG9jYWw6VGhpc0lzUGFzc3dvcmQ=' | jq "."

After the request succeeds, the new tenant is created in VMware Workspace ONE Access.

Example: How do I add a tenant that is associated with a product?

To create a tenant that is associated with a product so that it can use the services that the product provides, you make the request and include the productsToAssociateWith field that includes an environment ID and the product in the request.

The following example shows how to create a tenant named new_vRA_Tenant that is associated with VMware Aria Automation.

curl -X POST \
  '$url/lcm/authzn/api/v2/idp/tenants/onboard/new_vRA_Tenant' \
  -H 'Authorization: Basic YWRtaW5AbG9jYWw6VGhpc0lzUGFzc3dvcmQ=' \
  -H 'Content-Type: application/json' \
  -d '{
    "migratePreludeOAuthClients": true,
    "productsToAssociateWith": [
      {
        "environmentId": "cd6043b4-4848-4f57-90f9-90ab87274185",
        "productId": "vra"
      }
    ],
    "vidmCludDto": {
      "email": "frodo@example_company.com",
      "familyName": "Pepsidev56-157_last_name",
      "givenName": "Pepsidev56-157_first_name",
      "password": "S0mePassw0rd!",
      "userName": "Pepsidev56-157"
    },
    "vidmDclDto": {
      "adOverLdapDirectories": [
        {
          "directoryBindPassword": "ADB!ind1_Passw0rd!",
          "directoryName": "AD_1"
        }
      ],
      "adWithIwaDirectories": [
        {
          "directoryBindPassword": "ADB!nd2_Passw0rd!",
          "directoryName": "AD_2",
          "domainAdminPassword": "AD_D0main_Passw0rd!"
        }
      ]
    }
  }' | jq "."

What to do next

Associate the tenant with a product. GUID-65248C90-0741-49F0-B606-3BE956A82244.html#GUID-65248C90-0741-49F0-B606-3BE956A82244.