VMware Cloud Community
nef_user
Enthusiast

Orchestrator with vSphere Authentication and ADFS

Hi,

We have a standalone Orchestrator with vSphere Authentication. We changed the vCenter identity provider from AD over LDAP to AD FS. After that, Orchestrator stopped authenticating users from our domain.

Is there a solution, or is this expected behavior?

Thanks.

sdtslmn
Enthusiast

As you can see here, there is an important caveat:

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-C5E998B2-11...


If you use an Active Directory identity source that you previously added to vCenter Server for your AD FS identity source, do not delete that existing identity source from vCenter Server. Doing so causes a regression with previously assigned roles and group memberships. Both the AD FS user with global permissions and users that were added to the Administrators group will not be able to log in.

Workaround: If you do not need the previously assigned roles and group memberships, and want to remove the previous Active Directory identity source, remove the identity source before creating the AD FS provider and configuring group memberships in vCenter Server.
