
Sunday 16 April 2017

vCenter server appliance AD integration and SSO configurations

Or, How to integrate vCenter server appliance 6.0 with Active Directory?
Or, How to configure SSO on vCenter server appliance 6.0?
Or, AD integration of vCenter server appliance

Description: To sign in to vCenter Server with an AD account, or to use SSO, you must enable AD integration with vCenter Server and enable SSO. Many articles make it confusing to understand the difference between SSO and AD integration of vCenter Server, and what you actually need in order to use your AD credentials to log in to vCenter Server…

Friends, as per my understanding so far, the difference between AD integration and SSO configuration is as below:

AD integration is just joining your vCenter server appliance to an AD domain, as you do for Windows machines (joining a workgroup Windows machine to a domain).

SSO (Single Sign On) configuration is adding your domain in the Identity Sources section under the SSO configuration of vCenter Server. This synchronizes all AD users into the vCenter Users and Groups section, so that you can later add these AD users to the different vCenter Server roles to grant them access to vCenter Server.

This way, you can use a single account to log in to your Windows machine and to vCenter Server. This is where the SSO requirement is met.

Steps: AD integration of vCenter server

Log in to the vSphere web console with the administrator@vsphere.local account > Go to System Configuration













Click on Nodes under System Configuration > Select the vCenter Server appearing under Nodes













Click on Manage > Settings > Active Directory










Click on Join









Provide all the required details as shown in the reference screenshot below and click OK. As soon as you click OK, the virtual appliance will reboot for the changes to take effect.
--------------------------------------------------------------------------------------------------------------------------
For the details to provide in each field, refer to the notes below:
Domain : Active Directory domain name, for example, TechiesSphere.com. Do not provide an IP address in this field.
Organizational unit: The full OU LDAP FQDN, for example, OU=Engineering,DC=TechiesSphere,DC=com. Use this field only if you are familiar with LDAP.
User name: User name in User Principal Name (UPN) format, for example, domainadmin@techiessphere.com. Down-level login name format, for example, DOMAIN\UserName, is unsupported.
Password: Password of the user.
--------------------------------------------------------------------------------------------------------------------------
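The field rules in the notes above can be checked before the join is attempted. The following Python function is an added example, not part of the original post or of any VMware tooling; the name check_join_inputs and the check that the OU's DC components spell out the domain are assumptions made for illustration.

```python
import ipaddress
import re

# Hostname label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Simple RDN matcher; assumes no escaped commas inside OU names.
_RDN = re.compile(r"^\s*(OU|DC)\s*=\s*([^,=]+?)\s*$", re.IGNORECASE)


def check_join_inputs(domain, username, ou=None):
    """Return a list of problems; an empty list means the inputs look valid."""
    problems = []

    # Domain: must be a DNS name, never an IP address.
    try:
        ipaddress.ip_address(domain)
        problems.append("domain: IP address given, use the AD DNS domain name")
    except ValueError:
        labels = domain.split(".")
        if len(labels) < 2 or not all(_LABEL.match(lab) for lab in labels):
            problems.append("domain: not a valid DNS domain name")

    # User name: UPN (user@domain) only; the down-level form is unsupported.
    if "\\" in username:
        problems.append("username: down-level DOMAIN\\UserName format is unsupported")
    elif not re.match(r"^[^@\s]+@[^@\s]+\.[^@\s]+$", username):
        problems.append("username: expected UPN format, e.g. user@domain")

    # Organizational unit (optional): OU=... components, then DC=... components.
    if ou:
        parts = [_RDN.match(p) for p in ou.split(",")]
        if not all(parts):
            problems.append("ou: expected only OU= and DC= components")
        else:
            kinds = [m.group(1).upper() for m in parts]
            dcs = [m.group(2).lower() for m in parts if m.group(1).upper() == "DC"]
            if "OU" not in kinds or kinds != sorted(kinds, key=lambda k: k != "OU"):
                problems.append("ou: expected OU= components followed by DC= components")
            elif ".".join(dcs) != domain.lower():
                problems.append("ou: DC components do not match the domain")
    return problems


if __name__ == "__main__":
    # Values taken from the examples in the notes above.
    print(check_join_inputs("TechiesSphere.com", "domainadmin@techiessphere.com",
                            "OU=Engineering,DC=TechiesSphere,DC=com"))
```
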












After the reboot, when you come back to this page, you will see your domain name, the Join button grayed out, and the Leave button available.










Steps: SSO (Single Sign On) Configuration

Log in to vSphere Web Client > Go to Administration










Go to Configuration > Identity Sources > Click on + sign










Select Active Directory (Integrated Windows Authentication) > Provide other required details > OK


















To verify that the configuration is complete, go to Users and Groups > Users > under the Domain section, click on the down arrow to see whether your domain name appears there. If it does, the configuration was completed successfully.









Now you can add any AD user to any vSphere role to enable them to log in to vSphere with AD credentials.

Cheers, Please write me back if you have any query or feedback.

Wednesday 17 February 2016

How To Integrate vSphere 6.0 With AD?

Or, How To Integrate vSphere 6.0 With Active Directory?

1. Make sure your vCenter Server is joined to your domain; it should not be part of a workgroup.

2. If it is not already joined to the domain, join it to the domain.

3. Open CMD with administrative privileges:
    Go to Search > type CMD > right-click it and select Run as Administrator

4. Change to the directory “C:\Program Files\VMware\vCenter Server\VMware Identity Services\scripts” by typing in CMD:
cd C:\Program Files\VMware\vCenter Server\VMware Identity Services\scripts

5. Type the command below and press Enter:
sso-add-native-ad-idp.cmd vmware.com

6. Wait for this command to complete.

You can now verify in the vCenter vSphere console whether the domain name is shown in the access rights management section.

It should look like the reference screenshot below (your domain name should appear there):