Configure your vCenter appliance for Active Directory Single Sign-On

After deploying the vCenter Linux Appliance with a default and embedded Single Sign-On configuration you can login to vCenter with two user accounts: root and Administrator@vsphere.local. If you have Active Directory in your environment you might want to add that to your vCenter-server as an identity source for Single Sign-On.

To perform this task login to the vSphere Web Client as user Administrator@vsphere.local. This is the default user that was created with the setup wizard in the vCenter appliance. You have configured the password for this user during setup. 

Once you are logged in access the Administration-menu on the left and under the Single Sign-On section select Configuration

vCenter SSO config

Next click the Plus-icon to add an identity source. In the image below you can see a default configuration for attaching your configuration to Active Directory. 

SSO config for Active Directory

When you have added AD as an identity source you could already assign permissions to your users to work with vCenter. But it might also be a good idea to configure your Active Directory administrators to the Administrators-group of the Single Sign-On configuration. When you do this you can manage Single Sign-On with your AD-account and you don't need to login with the default vSphere.local account.

In the image below you can see where to do this. In the Users and Groups-section of the Single Sign-On configuration. You can find the Administrators group under the Groups-tab.

Add AD users to SSO administrators group

As a last step don't forget to assign permissions to your active directory users to manage your vCenter-inventory.

vCenter permissions for SSO users

Once all this is done you can now login to the vSphere Web Client with your Active Directory user account.


getting started tags
Follow us on LinkedIn




Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer