Sunday 16 April 2017

vCenter server appliance AD integration and SSO configurations

Or, How integrate vCenter server appliance 6.0 with Active Directory?
Or, How to configure SSO on vCenter server appliance 6.0?
Or, AD Integration of vCenter server appliance

Descriptions: To be able to sign-in in vCenter server with AD account or to able to use SSO you must enable AD integration with vCenter server and enable SSO. There has been multiple articles where it’s confusing to understand what is difference between SSO and AD integration of vCenter server and what you actually need to be able to use your AD credentials for login in to the vCenter server…

Friends, so far as per my understanding, the difference between AD integration and SSO configuration is as below:

AD integration is just joining your vCenter server appliance in AD domain, as you do for windows machines (joining a workgroup windows machine in domain).

SSO (Single Sign On) configuration is adding your domain in Identify Sources section under SSO configuration of vCenter server to synchronize all AD users in vCenter Users and Group section so that you can add these AD users latter in vCenter Server’s different roles to grant them access of vCenter server.

This way, you can use your single account for login in your windows machine and vCenter server. This where the SSO requirements meets.

Steps: AD integration of vCenter server

Login to vSphere web console with administrator@vsphere.local account > Go to Systems Configurations













Click on Nodes under System Configuration> Select the vCenter Server appearing under Nodes













Click on Manage > Settings > Active Directory










Click on Join









Provide all the required details as reference shown in the below screenshot and Click OK.  As soon as you click OK, the virtual appliance will be reboot to take the changes in effect.
--------------------------------------------------------------------------------------------------------------------------
To know more what details to provide in which field, refer the below notes:
Domain : Active Directory domain name, for example, TechiesSphere.com. Do not provide an IP address in this field.
Organizational unit: The full OU LDAP FQDN, for example, OU=Engineering,DC=TechiesSphere,DC=com. Use this field only if you are familiar with LDAP.
User name: User name in User Principal Name (UPN) format, for example, domainadmin@techiessphere.com. Down-level login name format, for example, DOMAIN\UserName, is unsupported.
Password: Password of the user.
--------------------------------------------------------------------------------------------------------------------------












After reboot, when you will come back to this page again, you would be able to see your domain name, Join button is grayed out, and Leave button is available.










Steps: SSO (Single Sign On) Configuration

Login to vSphere Web Client > Go to Administration










Go to Configuration > Identity Sources > Click on + sign










Select Active Directory (Integrated Windows Authentication) > Provide other required details > OK


















To verify if the configuration is completed, Go to Users and Groups > Users > Under Domain section, click on Down arrow to see if your domain name is appearing there > If its appearing there means the configurations is done successfully.









Now you can add any AD users in any vSphere Roles to enable them to login in vSphere with AD credentials.

Cheers, Please write me back if you have any query or feedback.

2 comments:

  1. Hi Amit,

    Thanks to you for this post, because this is very helpful for me.

    ReplyDelete
    Replies
    1. Glad to know that it helped you..thanks for your feedback..

      Delete