Learn about the authentication for user and service accounts.

VMware Aria Operations for Applications (formerly known as Tanzu Observability by Wavefront) supports these authentication options:

  • Direct authentication: With direct authentication, users authentication with user name and password and service accounts authenticate with a token.
  • Authentication through an SSO identity provider: You can choose from supported self-service SAML SSO provider or request and multi-tenant SSO support.

Direct Authentication

Operations for Applications supports direct authentication for user accounts and service accounts.

  • User accounts must authenticate with a user name and password.

    As a Super Admin user or a user with the Accounts permission, you can invite new users and then manage the user accounts by adding them to groups with specific roles, for example.

  • Service accounts that must authenticate with a token.

    A service account usually is used to perform management tasks. Service accounts can’t perform the UI operations that all user accounts can perform by default. There’s no limit on the number of service accounts that you can create in your organization.

Self-Service SAML SSO

You can use the authentication provided by Operations for Applications or use one of the supported authentication integrations. Operations for Applications supports several authentication solutions including:

We also support self-service SAML SSO setup. After the administrator sets up self-service SAML SSO, users will log in to the service instance by using the identity provider that the administrator has set up instead of using a password. New users who did not exist in the service instance are auto-created when they authenticate for the first time.

If a customer’s chosen authentication solution supports two-factor authentication, Operations for Applications requires two-factor authentication for login.

Multi-Tenant SSO

Large customers can request multi-tenant SSO. Multi-tenancy is set up jointly by the administrator at the customer site and our Technical Support team.

Users in different teams inside the company can authenticate to different tenants and cannot access the other tenant’s data.

Learn More