VMware Cloud Community
sandroalvesbras
Enthusiast

Prevent any user from logging into the vCenter 5.5 Web Client

Hi,

I did a test with an arbitrary domain user and was able to connect to the vCenter Web Client.

Is it possible to prevent domain users from logging in, leaving only a few users?

Thank you.

5 Replies
Alex_Romeo
Leadership

Hi,

You must create a group in AD, and in vCenter you give the right of access to that group instead of to the whole AD.

Users who are part of this group in AD log in to vCenter.

Add Members to a vCenter Single Sign-On Group

https://www.altaro.com/vmware/using-permissions-to-secure-vcenter-server/

ARomeo

Blog: https://www.aleadmin.it/
sandroalvesbras
Enthusiast

AlessandroRomeo68

Did you understand what I meant?

I want to prevent anyone from logging in.

Here is what I mean:

https://www.virtuallyghetto.com/2017/03/vsphere-6-5b-prevents-vsphere-web-client-logins-for-users-wo...

Tks.

IRIX201110141
Champion

That's not possible; it was a design flaw from the early days of SSO and was changed later. But I don't see the problem, because without vCenter permissions the user who logged in doesn't see anything.

The solution is quite simple: you should just update your vCenter.

Regards,
Joerg

nachogonzalez
Commander

You can do 2 things:
- Assign the No Access role on the datacenter to all members of AD.
- Remove the AD identity source from vCenter.

Note:

Please remember to keep communications courteous and professional. This is a community-driven channel; people are putting their time at your service.

nachogonzalez
Commander

I correct myself:

The first option will allow the users (any) to log in to a blank screen.
The second option will not allow any AD user to log in.

You can also edit the Identity source DN so it only syncs with a particular group.
