- Active Directory (Integrated Windows Authentication)
- Active Directory as an LDAP server
Note: there are underlying issues using ‘AD Integrated Windows Authentication’ when VMware SRM is part of a solution.
The chosen SSO identity source outlined in this example is ‘Active Directory as an LDAP Server’. This is also the identity source configuration used for an EHC solution.
The following steps detail how to add AD LDAP authentication in vCenter 6.0 (PSC):
2. Navigate to Administration->Single-sign-on->Configuration, then click the ‘Identity Sources’ tab.
3. Click the green + to add a new identity source.
4. Select Active Directory as an LDAP server and fill in the details. The following images provide an example configuration:
5. Click on the ‘Test Connection’ button in order to validate AD connectivity is successful.
Now that the AD identity source is configured and AD connectivity has been validated you can proceed to add AD user(s) to the SSO administrators group.
Note: Adding Groups is not supported – Assign only individual users from your Active Directory to the vCenter Single Sign-On Administrators group. Please refer to the following VMware KB:
Assigning AD User to the vCenter Single Sign-On Administrators group:
1. Under SSO select ‘Users and Groups’
2. Select the ‘Groups’ tab and chose ‘Administrators’ from the list provided. Under ‘Group Members’ click the green + member icon:
3. Select your domain and add your desired users to the SSO Administrators group:
Default EHC vCenter SSO administrators: app_nsx_sso, app_vro_sso, ehc_sysadmin