VMware Cloud Community
cchandlerBT
Contributor

Azure SSO/SAML with vSphere 7 and conditional access to use MFA

We would like to use Azure SSO/SAML with vSphere 7 and conditional access to use MFA. We do not see the ability to use this as an option. Is this still an option for vSphere 7? It looks like it was once an option for vSphere 6.7. Note this article -- https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.psc.doc/GUID-24FBEF5A-4A93-468B-A039-A52603...
Are there any other options available to get Azure SSO/SAML set up with vSphere 7, since we no longer want to support ADFS, as it is an on-premises solution?

9 Replies
Tibmeister
Expert

Under Administration > Single Sign On > Configuration and configure your Identity Provider there.

cchandlerBT
Contributor

Thanks for the reply. I see no option to set up SAML with Azure, only ADFS, and we don't want to use that since it is being deprecated. Or am I missing a prerequisite for this to show?

jwells8669
Contributor

Chandler,

Did you find a way to integrate Azure SSO instead of AD FS?

Sysadmin_Axiom
Contributor

Did someone configure Azure AD for SSO on vCenter 7?

cchandlerBT
Contributor

Jwells,

No luck with this setup. If you find a way I'd appreciate any details. Thanks.
gbsatish
Contributor

Hi CchandlerBT,

Were you able to find a way to integrate with Azure AD for authentication? There is an option for using an identity source over LDAP/S; did you try using Azure AD details there?

Thanks
rrsone
Contributor

In 7.0 this does not seem to be an option, as mentioned in the original updated post.

It only supports Integrated Windows Authentication, AD over LDAP, OpenLDAP and ADFS.

I have been trying to make it work with my ADFS server but, since my on-prem domain is different from the UPN we use, it has been a hassle. Looks like I need an ADFS claim rule to transform the initial on-prem domain login to the UPN for it to work. Pretty cumbersome.

I am hoping vCenter 8.0 has updated IDP capabilities, but I don't see any documentation online yet. The vSphere/vCenter documentation for 8.0 regarding auth looks like the 7.0 documentation. I just haven't had the time to explore vCenter 8.0 yet.

I have seen people using Duo and their proxy app to make it work.  
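
The claim transform rrsone describes above (rewriting the on-prem domain login into the UPN the users actually sign in with) is normally done in ADFS issuance transform rules. The script below is an added example, not code from this thread, from VMware or from Microsoft. It assumes a vCenter federation registered in ADFS as a Web API application named `vCenter Web API`, on-prem UPNs ending in `@corp.local`, sign-in names ending in `@example.com`, and the standard ADFS `upn` and `Group` claim type URIs; all of those are hypothetical values to be checked against what vCenter was actually configured to expect. It runs in an elevated PowerShell session on an ADFS server.

```powershell
# Added example (not from the thread, VMware or Microsoft): replace the issuance
# transform rules on the ADFS Web API application vCenter federates with, so the
# UPN claim carries the public sign-in suffix instead of the on-prem AD suffix.
#
# Assumptions (hypothetical, adjust to your environment):
#   - the Web API application is named 'vCenter Web API'
#   - on-prem accounts have UPNs like user@corp.local
#   - users sign in as user@example.com
#   - vCenter expects the 'upn' and 'Group' claim type URIs used below, with
#     groups qualified by domain name

$AppName      = 'vCenter Web API'
$OnPremSuffix = 'corp\.local'   # regex-escaped on-prem suffix (the dot is literal)
$PublicSuffix = 'example.com'   # suffix the user actually types at sign-in

# Claim rule language. Rule 1 looks up UPN and groups as intermediate claims
# (add, not issue). Rule 2 issues the groups unchanged. Rule 3 issues the UPN
# with the suffix rewritten; a UPN that already carries the public suffix passes
# through unchanged because the regex simply does not match.
$Rules = @"
@RuleName = "Look up UPN and token groups from AD (intermediate claims)"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/claims/Group"), query = ";userPrincipalName,tokenGroups(domainQualifiedName);{0}", param = c.Value);

@RuleName = "Issue group claims unchanged"
c:[Type == "http://schemas.xmlsoap.org/claims/Group"]
 => issue(claim = c);

@RuleName = "Issue UPN with the public suffix"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value = RegExReplace(c.Value, "@$OnPremSuffix`$", "@$PublicSuffix"));
"@

$app = Get-AdfsWebApiApplication -Name $AppName
if (-not $app) { throw "Web API application '$AppName' not found." }

# Keep the current rules so the change can be rolled back with the same cmdlet.
$backup = Join-Path $env:TEMP ("vcenter-issuance-rules-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))
Set-Content -Path $backup -Value $app.IssuanceTransformRules
Write-Host "Previous rules saved to $backup"

Set-AdfsWebApiApplication -TargetName $AppName -IssuanceTransformRules $Rules

# Read back what ADFS now holds and compare it with $Rules before testing a sign-in.
(Get-AdfsWebApiApplication -Name $AppName).IssuanceTransformRules
```

If vCenter was registered as a Relying Party Trust rather than a Web API application, the same rule text goes through `Set-AdfsRelyingPartyTrust -TargetName ... -IssuanceTransformRules` instead. Test with an account whose on-prem UPN suffix differs from the public one and with one where they already match; both should end up with a `@example.com` UPN claim, and the group claims should arrive unchanged.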

 

saravalkyrie
Contributor

Very old thread, but to update: this is possible. You need to use an on-prem ADFS setup to handle the SAML connection from vCenter.

vCenter > ADFS > Second Factor > AzureAD Conditional Access (2FA + Other rules)

blucier69
Contributor


@saravalkyrie wrote:

Very old thread, but to update this is possible, you need to use an On-Prem ADFS setup to handle the SAML connection from vCenter.

vCenter > ADFS > Second Factor > AzureAD Conditional Access (2FA + Other rules)


Just wondering if you have any more specific details how this was accomplished?

We have the details on getting ADFS set up for vCenter, but the "Second Factor" portion is the question. Was that an ADFS relying party trust setting to tell it to go to Azure AD for this second factor and thus use some Conditional Access rules?

TIA