VMware Cloud Community
synackman
Contributor

VCenter server and 2FA with RSA Secure ID

If I want to enable 2FA with VCenter Server (Using RSA Secure ID), but keep a single local authentication account for backup/emergency purposes, is this possible? Concern is if RSA/2FA fails, would be locked out. Thanks,

2 Replies
DroboDeveloper
Contributor

I would recommend you protect VCenter with ADFS, then do 2FA within your preferred IDaaS (e.g. Azure AD) by setting that IdP as a Claims Provider Trust within ADFS. That way, your IdP does the authentication (not ADFS). Conditional access policies within your IDaaS will give you the 2FA you're looking for.

Once done, the UX will be as follows:

  1. Go to VCenter. Then, type in your username (likely your email address).
  2. VCenter will redirect you to ADFS, which will automatically redirect you to your IdP.
  3. Once you authenticate with your IdP, the conditional-access policies you set for the application will mandate 2FA.
  4. Once the 2FA challenge is done, you'll be redirected back to VCenter, authenticated and signed in.
scott28tt
VMware Employee

Post reported to moderators; since there is an area of the Communities for vCenter Server, it should now get moved.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee, I contribute to VMware Communities voluntarily (i.e. not in any official capacity)
VMware Training & Certification blog