Logging in to the vCenter VAMI with an AD account

One of my students asked if it is possible to also login to the vCenter server appliance management interface (VAMI) with an Active Directory account. The VAMI is available on your vCenter server on port 5480. After installation of the vCenter Appliance you can login with root and with administrator@vsphere.local (or a different SSO-domain name if you have entered something else than  vsphere.local).

But when the vCenter server is configured with active directory as an identity source it is also possible to login with an AD-account. And it is even possible without any additional permissions. You would just not see any details about the server's configuration. The two images below show an example of what a user will see when logging in with an AD-account without any permissions.

To manage the vCenter Appliance via the VAMI the AD user must be assigned as a member of the Administrators group in the vCenter Single Sign On configuration.

In the image below you can see that user Rob is assigned to this group.

Now if AD user Rob logs in to the VAMI all necessary permissions for management are there. 


Follow us on LinkedIn




Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer