  • Rajeshkumar M

vIDM local user creation without email activation using API

When you create a local user in VMware Identity Manager (vIDM), an activation link is sent to the user's email address. I had a vIDM with no SMTP configured, so I used the API to create a local user in vIDM without email activation. You can refer to the API calls below, which I used to create the local user without email activation.


Python Script


import requests
import urllib3

# verify=False below skips TLS certificate verification, and this line silences
# the warning it triggers. Pass verify="/path/to/ca.pem" instead when the
# appliance certificate chains to a CA you trust.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

vidmFQDN = "vidm.domain.local"
vidmUser = "admin"
vidmPass = "password"

userName   = "localuser01"
userPass   = "password"
familyName = "localuser01"
givenName  = "localuser01"
email      = "localuser@domain.local"

# Step 1: log in as the vIDM admin and request a session token.
url = "https://{}/SAAS/API/1.0/REST/auth/system/login".format(vidmFQDN)
payload = {"username": vidmUser, "password": vidmPass, "issueToken": "true"}
headers = {"accept": "application/json", "Content-Type": "application/json"}

response = requests.post(url, json=payload, headers=headers, verify=False)
response.raise_for_status()  # stop here if the login was rejected
session_token = response.json()['sessionToken']

# Step 2: describe the new user as a dict; requests serialises it to JSON,
# so quotes or backslashes in a password or name are escaped correctly.
userData = {
    "emails": [
        {
            "value": email
        }
    ],
    "name": {
        "familyName": familyName,
        "givenName": givenName
    },
    "password": userPass,
    "schemas": [
        "urn:scim:schemas:core:1.0",
        "urn:scim:schemas:extension:workspace:1.0"
    ],
    "urn:scim:schemas:extension:workspace:1.0": {
        "domain": "System Domain"
    },
    "userName": userName
}

# Step 3: create the user through the SCIM endpoint using the session token.
url = "https://{}/SAAS/jersey/manager/api/scim/Users".format(vidmFQDN)
headers = {
    'Authorization': 'Bearer ' + session_token,
    'Content-Type': 'application/json',
    'accept': 'application/json'
}

response = requests.post(url, json=userData, headers=headers, verify=False)

print(response.status_code)
print(response.json())

Shell Script


If you would like to use a shell script instead of Python, refer to the one below. The API can be called from any Linux machine with jq installed; I used my vRA appliance to call this API.


vidmfqdn="vidm.corp.local"

# curl -k skips TLS certificate verification for both calls below.

echo "-----Get session token from the authentication information provided in data.json------"

session_token=$(curl -k -s -X POST "https://$vidmfqdn/SAAS/API/1.0/REST/auth/system/login" -H "Content-Type: application/json" -H "Accept: application/json" -d @data.json | jq -r '.sessionToken')

echo "------------Create user using the information provided in userinfo.json and the session token-----------"

curl -k "https://$vidmfqdn/SAAS/jersey/manager/api/scim/Users" -X POST -d '@userinfo.json' \
   -H "Content-Type: application/json" \
   -H "Accept: application/json" \
   -H "Authorization: Bearer $session_token"

The JSON payloads used in the API calls


data.json


{
  "username": "admin",
  "password": "password",
  "issueToken": "true"
}

userinfo.json


{
  "emails": [
    {
      "value": "testing01@corp.local"
    }
  ],
  "name": {
    "familyName": "testing01",
    "givenName": "01"
  },
  "password": "VMware123",
  "schemas": [
    "urn:scim:schemas:core:1.0",
    "urn:scim:schemas:extension:workspace:1.0"
  ],
  "urn:scim:schemas:extension:workspace:1.0": {
    "domain": "System Domain"
  },
  "userName": "testing0101"
}
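
The two payload files hold plaintext passwords, and a hand-edited file becomes invalid JSON as soon as a password contains a quote or backslash. As an added example (not part of the original post), this Python helper writes data.json and userinfo.json with proper JSON escaping and owner-only permissions; the function names and the sample credentials are assumptions constructed for illustration.

```python
import json
import os
import tempfile

SCIM_CORE = "urn:scim:schemas:core:1.0"
SCIM_WORKSPACE = "urn:scim:schemas:extension:workspace:1.0"


def build_login_payload(username, password):
    """Body for /SAAS/API/1.0/REST/auth/system/login (same keys as data.json)."""
    return {"username": username, "password": password, "issueToken": "true"}


def build_user_payload(user_name, password, given_name, family_name, email):
    """Body for /SAAS/jersey/manager/api/scim/Users (same keys as userinfo.json)."""
    return {
        "emails": [{"value": email}],
        "name": {"familyName": family_name, "givenName": given_name},
        "password": password,
        "schemas": [SCIM_CORE, SCIM_WORKSPACE],
        SCIM_WORKSPACE: {"domain": "System Domain"},
        "userName": user_name,
    }


def write_private_json(path, payload):
    """Write payload as JSON with no group/other access (mode 0600 at most)."""
    # O_EXCL refuses to reuse an existing file or follow a symlink at `path`.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        json.dump(payload, handle, indent=2)
    return path


if __name__ == "__main__":
    # Constructed sample values; the passwords deliberately contain characters
    # that would break a hand-edited JSON file.
    workdir = tempfile.mkdtemp()
    write_private_json(os.path.join(workdir, "data.json"),
                       build_login_payload("admin", 'pa"ss\\word'))
    write_private_json(os.path.join(workdir, "userinfo.json"),
                       build_user_payload("testing0101", 'Qu"ote\\d', "01",
                                          "testing01", "testing01@corp.local"))
    print("payload files written to", workdir)
```

The generated files can be passed to the curl calls in the shell script unchanged with `-d @data.json` and `-d @userinfo.json`.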
