Or, how to integrate vCenter Server Appliance 6.0 with Active Directory?
Or, how to configure SSO on vCenter Server Appliance 6.0?
Or, AD integration of vCenter Server Appliance
Description: To sign in to vCenter Server with an AD account, or to use SSO, you must enable AD integration with vCenter Server and enable SSO. Multiple articles leave it unclear what the difference is between SSO and AD integration of vCenter Server, and what you actually need in order to log in to vCenter Server with your AD credentials.
Friends, as per my understanding so far, the difference between AD integration and SSO configuration is as below:
AD integration is just joining your vCenter Server Appliance to the AD domain, as you do for Windows machines (joining a workgroup Windows machine to a domain).
SSO (Single Sign On) configuration is adding your domain in the Identity Sources section under the SSO configuration of vCenter Server to synchronize all AD users into the vCenter Users and Groups section, so that you can later add these AD users to vCenter Server's different roles to grant them access to vCenter Server.
This way, you can use a single account to log in to your Windows machine and to vCenter Server. This is where the SSO requirement is met.
Steps: AD integration of vCenter server
Log in to the vSphere web console with the administrator@vsphere.local account > Go to System Configuration
Click on Nodes under System Configuration > Select the vCenter Server appearing under Nodes
Click on Manage > Settings > Active Directory
Click on Join
Provide all the required details, as shown for reference in the screenshot below, and click OK. As soon as you click OK, the virtual appliance will reboot for the changes to take effect.
--------------------------------------------------------------------------------------------------------------------------
To know which details to provide in which field, refer to the notes below:
Domain: Active Directory domain name, for example, TechiesSphere.com. Do not provide an IP address in this field.
Organizational unit: The full OU LDAP FQDN, for example, OU=Engineering,DC=TechiesSphere,DC=com. Use this field only if you are familiar with LDAP.
User name: User name in User Principal Name (UPN) format, for example, domainadmin@techiessphere.com. Down-level login name format, for example, DOMAIN\UserName, is unsupported.
Password: Password of the user.
--------------------------------------------------------------------------------------------------------------------------
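The field rules in the notes above can be checked before the Join dialog is submitted. The Python sketch below is an added example, not part of the original post or of any VMware tooling; the function name check_join_fields is hypothetical, and two checks are assumptions of this example: that the OU's DC components must spell out the Domain field, and that the DN contains no escaped commas.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _is_dns_name(value):
    labels = value.split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


def check_join_fields(domain, username, ou=""):
    """Return a list of problems; an empty list means the fields look valid."""
    problems = []
    if _is_ip(domain):
        problems.append("Domain: IP address given, a domain name is required")
    elif not _is_dns_name(domain):
        problems.append("Domain: not a DNS domain name")

    if "\\" in username:
        problems.append("User name: down-level DOMAIN\\UserName format is unsupported")
    else:
        user, sep, suffix = username.rpartition("@")
        if not (sep and user and _is_dns_name(suffix)):
            problems.append("User name: expected UPN format user@domain")

    if ou:  # the OU field is optional
        # Assumption: simple comma split, no escaped commas inside RDN values.
        rdns = [part.strip().partition("=") for part in ou.split(",")]
        if any(not (key and eq and val) for key, eq, val in rdns):
            problems.append("Organizational unit: malformed LDAP DN")
        else:
            # Assumption: the DC= components must match the Domain field.
            dcs = [val.lower() for key, _, val in rdns if key.upper() == "DC"]
            if ".".join(dcs) != domain.lower():
                problems.append("Organizational unit: DC components do not match Domain")
    return problems
```

The UPN suffix is deliberately not compared with the Domain field, since a domain can define alternative UPN suffixes.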
After the reboot, when you come back to this page, you will see your domain name, the Join button is grayed out, and the Leave button is available.
Steps: SSO (Single Sign On) Configuration
Log in to the vSphere Web Client > Go to Administration
Go to Configuration > Identity Sources > Click on the + sign
Select Active Directory (Integrated Windows Authentication) > Provide the other required details > OK
To verify that the configuration is complete, go to Users and Groups > Users > Under the Domain section, click on the down arrow to see if your domain name appears there > If it appears there, the configuration was completed successfully.
Now you can add any AD users to any vSphere roles to enable them to log in to vSphere with AD credentials.
Cheers! Please write back to me if you have any query or feedback.