Architecting a vRealize Operations Management Solution : Security
   
Security
10.1 Authorization and Authentication
The vRealize Operations Manager virtual appliance root and application administrator local accounts are set during installation, and the administrator user can be managed using the administration interface.
Both passwords can be reset using the virtual machine console on each node VM. Local passwords are encrypted and stored in the PostgreSQL metadata database.
vRealize Operations Manager can authenticate users in any of the following ways:
LDAP database (such as Active Directory)
vCenter Server
Local user accounts (created in the vRealize Operations Manager product user interface)
User accounts and groups are managed through the vRealize Operations Manager user interface. Groups can be populated with locally created or LDAP user accounts, with permissions set at the group level and inherited by members of the group.
LDAP users can be imported into vRealize Operations Manager and assigned to vRealize Operations Manager groups in a single operation.
LDAP passwords are not imported into vRealize Operations Manager. Instead, the LDAP database is queried for each authentication operation. LDAP passwords cannot be changed in vRealize Operations Manager.
The use of local accounts is discouraged because the management overhead can be large. vCenter Server authentication can be useful for vRealize Operations Manager users who need only to interact with vSphere objects.
In a service provider environment, many products beyond vSphere are likely to be monitored by vRealize Operations Manager (for example, VMware vCloud Director®). For flexibility of object access and relatively low overhead of management, VMware recommends integration with LDAP and synchronization of vRealize Operations Manager local groups with existing or purpose-created LDAP global groups.
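The account rules described above (local accounts hold a locally stored credential, imported LDAP accounts hold none and the directory is queried on every login, and permissions are set on groups and inherited by members) can be modelled in a few dozen lines. The following is an added illustration, not vRealize Operations Manager code: the "directory" is a constructed in-memory dictionary standing in for an LDAP bind, and the group and user names are invented.

```python
"""Constructed model of the account rules described for vRealize Operations
Manager: a local user keeps a salted password hash, an imported LDAP user keeps
no password at all (the directory is asked on every login), and permissions
live on groups and are inherited by members.  Added illustration only; the
"directory" below is an in-memory dictionary, not a real LDAP server."""
import hashlib
import hmac
import os

# Constructed stand-in for an LDAP directory: DN -> current password.
# A real deployment would perform an LDAP simple bind over TLS instead.
FAKE_DIRECTORY = {
    "cn=alice,ou=users,dc=example,dc=com": "alice-secret",
    "cn=bob,ou=users,dc=example,dc=com": "bob-secret",
}


def ldap_bind(dn, password):
    """Simulate an LDAP bind: succeed only if the directory accepts the password."""
    stored = FAKE_DIRECTORY.get(dn)
    return stored is not None and hmac.compare_digest(stored, password)


class UserStore:
    """Users and groups as a product user interface would hold them (simplified)."""

    def __init__(self):
        self.users = {}        # name -> record (source, credential or DN, groups)
        self.group_perms = {}  # group name -> set of permissions

    def add_local_user(self, name, password):
        # Local accounts keep a salted PBKDF2 hash, never the clear-text password.
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[name] = {"source": "local", "salt": salt, "hash": digest, "groups": set()}

    def import_ldap_user(self, name, dn, group):
        # Import and group assignment in one step; no password is copied from LDAP.
        self.users[name] = {"source": "ldap", "dn": dn, "groups": {group}}

    def set_group_permissions(self, group, perms):
        self.group_perms[group] = set(perms)

    def authenticate(self, name, password):
        user = self.users.get(name)
        if user is None:
            return False
        if user["source"] == "local":
            digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
            return hmac.compare_digest(digest, user["hash"])
        # LDAP user: the directory is consulted on every authentication.
        return ldap_bind(user["dn"], password)

    def change_password(self, name, new_password):
        user = self.users[name]
        if user["source"] == "ldap":
            raise PermissionError("LDAP passwords are changed in the directory, not here")
        salt = os.urandom(16)
        user["salt"] = salt
        user["hash"] = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 100_000)

    def permissions(self, name):
        # Permissions are set on groups and inherited by every member.
        perms = set()
        for group in self.users[name]["groups"]:
            perms |= self.group_perms.get(group, set())
        return perms


def build_demo_store():
    """Populate a store as the text describes: one local admin, two imported LDAP users."""
    store = UserStore()
    store.set_group_permissions("Administrators", {"manage_users", "view_all"})
    store.set_group_permissions("Read-only", {"view_all"})
    store.add_local_user("admin", "local-admin-pw")
    store.users["admin"]["groups"].add("Administrators")
    store.import_ldap_user("alice", "cn=alice,ou=users,dc=example,dc=com", "Administrators")
    store.import_ldap_user("bob", "cn=bob,ou=users,dc=example,dc=com", "Read-only")
    return store


if __name__ == "__main__":
    s = build_demo_store()
    print("alice login:", s.authenticate("alice", "alice-secret"))
    print("bob permissions:", sorted(s.permissions("bob")))
```

The point the model makes: rotating a password in the directory takes effect on the next login without any change in the product, because nothing about the credential was ever stored locally, whereas the local account's hash only changes through its own reset path.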
Design Considerations
There can be significant overhead in managing local accounts. Consider integrating vRealize Operations Manager with an LDAP directory such as Active Directory, or using vCenter Server authentication.
Note: vCenter Server authentication allows users to interact only with vSphere objects.