Channel: VMware Communities : Blog List - All Communities

Workspace ONE Access PeopleSearch - how to sync your people information daily


In this blog, we will walk through the steps to get your People Information synced on a daily basis with AWS Lambda and CloudWatch.

 

I assume that you already use Workspace ONE Access and that you have an Active Directory associated with it that syncs frequently.

 

Prerequisites:

1. Log in to your Workspace ONE Access tenant as an Administrator at https://<your_Workspace_ONE_Access_tenant_URL>/SAAS/auth/login

2. Switch to the Administration console.

3. Navigate to the Identity & Access Management tab.

4. Open your directory information.

5. Go to Sync settings.

6. Confirm the sync frequency and check whether scheduled syncs are successful.


 

7. Make yourself familiar with API calls in Workspace ONE Access.

8. Create a service client token so that you can run API calls (Create Remote App Access Client).

9. Get your directory ID: open Inspect Element in Chrome, choose Network, then XHR, and navigate to the Identity & Access Management tab. One of the requests loaded contains your directory ID.


 

Step 1: Configure PeopleSearch

This initial configuration shows how to enable People Search and get a once-per-week sync.

1. Click on the drop-down arrow on the Catalog tab button.

2. Choose Settings.

3. Navigate to People Search.

4. Check Enable and click Next.


5. Select your directory.

(Note: if you have multiple directories added, you will be able to configure People Search only for one of them!)

6. Check all the attributes that you want People Search to sync and display in the People Tab in the end user catalog portal. Click Next.


 

7. Map the VMware Workspace ONE Access attribute names to the Active Directory attribute names. Click Next.


 

8. Specify the users that you want to sync. Click on Save & Sync.

9. Verify that People Tab appears in End User Portal.


 

Step 2: Import pictures into your Active Directory

1. Log in to a domain controller

2. Run PowerShell as an Administrator and enter the following commands:

     $photo = [byte[]](Get-Content "<path_to_picture>" -Encoding Byte)
     Set-ADUser <username> -Replace @{thumbnailPhoto=$photo}

     Example:
     # Read the JPEG as raw bytes (-Encoding Byte applies to Windows PowerShell 5.1)
     $photo = [byte[]](Get-Content "C:\Users\Public\Pictures\Sample Pictures\cuser1_picture.jpg" -Encoding Byte)
     # Store the bytes in the user's thumbnailPhoto attribute
     Set-ADUser cuser1 -Replace @{thumbnailPhoto=$photo}

 

Step 3: Run a manual sync

There is no tab where you can check the sync schedule or the status of the PeopleSearch sync. You can only do this with an API call, executed here in Postman.

1. Run the following API call:

GET : https://<your_Workspace_ONE_Access_tenant_URL>/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/<directory_Config_Id>/syncprofile/photosyncprofile

Headers :

Content-Type : application/vnd.vmware.horizon.manager.connector.management.directory.sync.profile.photosync.schedule+json

Accept : application/vnd.vmware.horizon.manager.connector.management.directory.sync.profile.photosync.schedule+json

Authorization : HZN eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJqdG

You will get Response 200 OK with the following body:

{
    "syncSchedule": {
        "frequency": "weekly",
        "dayOfWeek": "sunday",
        "hours": 21,
        "minutes": 55,
        "seconds": 0
    },
    "photoAttribute": "thumbnailPhoto",
    "_links": {
        "self": {
            "href": "/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/<directory_Config_Id>/syncprofile/photosyncprofile"
        },
        "hw-photo-sync": {
            "href": "/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/<directory_Config_Id>/syncprofile/photosyncprofile/sync"
        }
    }
}

 

Currently, you cannot set any value for frequency other than "weekly". If you want pictures or any other PeopleSearch information synced sooner than Sunday evening, you can run the following API call:

POST : https://<your_Workspace_ONE_Access_tenant_URL>/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/<directory_Config_Id>/syncprofile/photosyncprofile/sync

Headers :

Content-Type : application/vnd.vmware.horizon.manager.connector.management.directory.sync.profile.photosync.schedule+json

Accept : application/vnd.vmware.horizon.manager.connector.management.directory.sync.profile.photosync.schedule+json

Authorization : HZN eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJqdG

Request Body : {"ignoreSafeguards" : true}

Response : 200 OK

 

Step 4: Schedule a daily sync with AWS Lambda and CloudWatch

In modern, dynamic companies, a weekly sync does not satisfy your users. People change their pictures and want this reflected as soon as possible. You also want to find a colleague's phone number immediately when you need it, not wait a week. The best option is to automate the manual sync with a simple and efficient Python script and, so that its execution does not depend on your availability, schedule it to run daily. A very good and simple tool for this is AWS Lambda.

1. Write your Python script.

 

import json

import requests

# Service client credentials (placeholders); keep real values out of source control
user = "<your_service_client_token_id>"
shared_secret = "<the_shared_secret_of_your_service_client_token>"


def get_access_token():
    # Exchange the service client credentials for an OAuth access token
    header = {'Content-Type': "application/x-www-form-urlencoded"}
    data = {'grant_type': 'client_credentials'}
    response = requests.post('https://<your_Workspace_ONE_Access_tenant_URL>/SAAS/auth/oauthtoken', headers=header, params=data, auth=(user, shared_secret))
    token = response.json()['access_token']
    return token


def manual_sync():
    # Trigger the PeopleSearch sync for the directory
    token = get_access_token()
    header = {}
    header['Authorization'] = "HZN %s" % token
    header['Content-Type'] = "application/vnd.vmware.horizon.manager.connector.management.directory.sync.profile.photosync.sync+json"
    header['Accept'] = "application/vnd.vmware.horizon.manager.connector.management.directory.sync.profile.photosync.sync+json"
    body = {'ignoreSafeguards': True}
    body = json.dumps(body)
    url = "https://<your_Workspace_ONE_Access_tenant_URL>/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/<directory_Config_Id>/syncprofile/photosyncprofile/sync"
    response = requests.request('POST', url, headers=header, data=body)
    print(response)
    print(response.text)


manual_sync()

 

2. Log into your AWS Console and navigate to Lambda.

3. Click on Create Function.


4. Choose Author from scratch, give your function an applicable name and choose Python 3.7 as Runtime. Click again on Create function to proceed.


 

5. On the next screen, choose Edit code inline; you can write your code the same way you would in your preferred IDE. Please note that your main function has to be modified in order to work properly in Lambda.

(Note: You need to add "event" and "context" as parameters of your function. The function does not have to be called. It has to be specified in the Handler field.)

 

# Lambda entry point; the imports, credentials and get_access_token() from the script above stay in the file
def manual_sync(event, context):
    token = get_access_token()
    header = {}
    header['Authorization'] = "HZN %s" % token
    header['Content-Type'] = "application/vnd.vmware.horizon.manager.connector.management.directory.sync.profile.photosync.sync+json"
    header['Accept'] = "application/vnd.vmware.horizon.manager.connector.management.directory.sync.profile.photosync.sync+json"
    header['cache-control'] = "no-cache"
    body = {'ignoreSafeguards': True}
    body = json.dumps(body)
    url = "https://<your_Workspace_ONE_Access_tenant_URL>/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/<directory_Config_Id>/syncprofile/photosyncprofile/sync"
    response = requests.request('POST', url, headers=header, data=body)
    print(response)
    print(response.text)

 


6. Click on Add trigger and choose CloudWatch Events/EventBridge.

7. From the list with rules, opt for Create a new rule.

8. Give your rule an applicable name and description, and add a cron expression to set the time when you want your function to be executed.

(Note: Cron expressions are in UTC by default. This cannot be changed. The example is for a rule that is triggered every day at 10:00 am UTC.)

 

9. Click on Add.

10. Test your function and save it.
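
A variant of the step 5 handler that keeps the shared secret out of the function source by reading it from AWS Secrets Manager at run time, and that fails the invocation when the tenant rejects a call. This is an added example, not the author's code: the environment variable names, the secret's JSON keys (client_id, shared_secret) and the placeholder defaults are assumptions, and it uses the standard library's urllib instead of requests.

```python
import base64
import json
import os
import urllib.request

# Assumed Lambda environment variables; the defaults are constructed placeholders.
TENANT = os.environ.get("WS1_TENANT_HOST", "tenant.example.com")
DIRECTORY_ID = os.environ.get("WS1_DIRECTORY_ID", "00000000-0000-0000-0000-000000000000")
SECRET_ID = os.environ.get("WS1_SECRET_ID", "ws1/peoplesearch-sync")
SYNC_TYPE = ("application/vnd.vmware.horizon.manager.connector.management."
             "directory.sync.profile.photosync.sync+json")


def load_client_credentials():
    """Read the service client id and shared secret from Secrets Manager at run time."""
    import boto3  # shipped with the Lambda Python runtime; imported lazily
    secret = boto3.client("secretsmanager").get_secret_value(SecretId=SECRET_ID)
    creds = json.loads(secret["SecretString"])  # assumed JSON keys, see lead-in
    return creds["client_id"], creds["shared_secret"]


def build_token_request(client_id, shared_secret):
    """client_credentials grant with HTTP Basic auth, as in the script above."""
    basic = base64.b64encode(f"{client_id}:{shared_secret}".encode()).decode()
    return urllib.request.Request(
        f"https://{TENANT}/SAAS/auth/oauthtoken?grant_type=client_credentials",
        data=b"", method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})


def build_sync_request(token):
    """POST to the photosyncprofile/sync endpoint with the HZN token."""
    url = (f"https://{TENANT}/SAAS/jersey/manager/api/connectormanagement/"
           f"directoryconfigs/{DIRECTORY_ID}/syncprofile/photosyncprofile/sync")
    return urllib.request.Request(
        url, data=json.dumps({"ignoreSafeguards": True}).encode(), method="POST",
        headers={"Authorization": f"HZN {token}",
                 "Content-Type": SYNC_TYPE, "Accept": SYNC_TYPE})


def manual_sync(event, context):
    client_id, shared_secret = load_client_credentials()
    with urllib.request.urlopen(build_token_request(client_id, shared_secret), timeout=10) as resp:
        token = json.load(resp)["access_token"]
    # urlopen raises HTTPError on 4xx/5xx, so a rejected sync fails the invocation
    # and shows up in the function's error metrics instead of passing silently.
    with urllib.request.urlopen(build_sync_request(token), timeout=30) as resp:
        return {"status": resp.status}  # the token and secret are never printed
```

The function's execution role needs secretsmanager:GetSecretValue on that one secret and nothing broader.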

 

Enjoy your up-to-date information every day.

