Use Active Directory for vCenter Authentication and SSO

To authenticate your vCenter users with Active Directory for Single Sign-On (SSO) follow the method below.  This will work for VMware vSphere versions 6.0 and 6.5.  You will first need  join the vCenter server to the domain.

1. Open your vCenter web client and go to Administration > System Configuration > Nodes > Click on the IP of your node.

2. Click on the Manage tab

Use Active Directory for vCenter Authentication-4

3. Click Active Directory and then click join

Use Active Directory for vCenter Authentication-5




4. Enter your domain details and domain admin credentials then click OK.  You do not need to enter organisational unit details (it will use the default computers OU).

Use Active Directory for vCenter Authentication-6

5. Right click on the node and click reboot

Use Active Directory for vCenter Authentication-7

6. Open your vCenter web client again

7. Login as Single Sign-On Administrator (usually something like Administrator@vsphere.local)

8. Go to Administration > Single Sign-On > Configuration

Use Active Directory for vCenter Authentication

9. Click on the Identity Sources tab and click the green + to add an identity source

Use Active Directory for vCenter Authentication-2

10. The domain details should auto populate then click OK

Use Active Directory for vCenter Authentication-3

11. The Identity sources should be populated with your domain details

Use Active Directory for vCenter Authentication-8

12. Go to Access Control > Global Permissions and click + > Add a domain user as the Administrator role and click OK.

Use Active Directory for vCenter Authentication-9

13. Go to Users and Groups and click the Groups tab.  Under group members click + to add and select your domain admin account.

Use Active Directory for vCenter Authentication-10

14. Logout of vCenter and refresh the page.  Download and install the Client Integration Plugin.

Use Active Directory for vCenter Authentication-11

15. Check the box for ‘Use Windows Session Authentication’ and click OK

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *