Managing Clients with UAAC
Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu Application Service.
Page last updated:
This topic explains how plan administrators use the User Account and Authentication Command Line Interface (UAAC) to manage existing UAA Identity Zone clients.
This section explains when and why you use the UAAC to update UAA Identity Zone clients.
All clients mentioned on this page are UAA Identity Zone clients. However, there are two kinds of UAA Identity Zone clients:
- Non-Admin clients—When app developers configure their apps to use Single Sign‑On for VMware Tanzu Application Service, each app corresponds to a non-admin client for a Single Sign‑On service plan.
- Admin clients—These can modify other clients and are created by completing the procedure below. See Create an Admin Client.
Do not use the UAAC to do the following:
Create clients—Do not create clients through UAAC because additional metadata is required for their usage by Single Sign‑On.
Make most types of updates—Most updates for UAA Identity Zone clients can be made through the SSO Developer Dashboard.
Some updates cannot be done through the SSO Developer Dashboard and so must be made through the UAAC. You need to use the UAAC if you want to set a configuration to a value that is not listed on the SSO Developer Dashboard.
To use the UAAC to modify clients, you need an admin client that corresponds to your Single Sign‑On service plan.
If you do not already have an admin client for your UAA Identity Zone, follow the steps below to create an admin client.
- Target your deployment using
- Target an org and space that your service plan is visible in.
- If you have not already created a service instance for your service plan, create one now. For how to create an instance, see Create a Service Instance. The service instance exposes the SSO Developer Dashboard.
- Log in to the SSO Developer Dashboard as an administrator.
You can find the dashboard URL by using Apps Manager or
cf service SERVICE-INSTANCE-NAME.
- Click New App.
- Enter an App Name.
- Under Select an Application Type, select Service-to-Service App.
Click Select Scopes > Admin Permissions.
Set the scopes as necessary for configuring the UAA resource.
For… Add these scopes… For more information, see… updating UAA clients
Update Clients with UAAC below. managing Single Sign‑On service plans
Updating Service Plans with UAAC. updating identity providers
Updating Identity Providers with UAAC.
Record the App ID and App Secret.