Hi,
I did a test with any domain user and I can connect to the vCenter web client.
Is it possible to prevent domain users from logging in, leaving only a few users?
Thank you.
Hi,
You must create a group in AD, and in vCenter you give the right of access to the group instead of to the whole AD.
Users who are part of this group in AD log into the vCenter.
Add Members to a vCenter Single Sign-On Group
https://www.altaro.com/vmware/using-permissions-to-secure-vcenter-server/
ARomeo
AlessandroRomeo68
Did you understand what I meant?
I want to prevent anyone from logging in.
Here is what I mean:
Tks.
That's not possible and was a design flaw from the early days of SSO and changed later. But I don't see the problem, because without vCenter permissions the user who logged in doesn't see anything.
Solution is quite simple and you should just update your vCenter.
Regards,
Joerg
You can do 2 things:
- Assign the No Access role to the datacenter to all members of AD
- Remove the AD identity source from vCenter.
Note:
Please remember to keep communications courteous and professional. This is a community-driven channel; people are putting their time at your service.
I correct myself:
First option will allow the users (any) to log in to a blank screen
Second option will not allow any AD user to log in.
You can also edit the Identity source DN so it only syncs with a particular group.