We would like to use Azure SSO/SAML with vSphere 7 and conditional access to use MFA. We do not see the ability to use this as an option. Is this still an option for vSphere 7? It looks like it was once an option for vSphere 6.7. Note this article -- https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.psc.doc/GUID-24FBEF5A-4A93-468B-A039-A52603...
Are there any other options available to get Azure SSO/SAML set up with vSphere 7, since we no longer want to support ADFS since it is an on-premise solution?
Go to Administration > Single Sign On > Configuration and configure your Identity Provider there.
Thanks for the reply. I see no options to set up SAML with Azure, only ADFS, and we don't want to use that since it is being deprecated. Or am I missing something with a prerequisite for this to show?
Chandler,
Did you find a way to integrate Azure SSO instead of AD FS?
Did someone configure Azure AD for SSO on vCenter 7?
Jwells,
No luck with this setup. If you find a way I'd appreciate any details. Thanks.
Hi CchandlerBT,
Were you able to find a way to integrate with Azure AD for authentication? There is an option for using an identity source over LDAP/S. Did you try using Azure AD details there?
Thanks
In 7.0 this does not seem to be an option as mentioned in the original updated post.
Only supports Integrated Windows Authentication, AD over LDAP, OpenLDAP and ADFS.
I have been trying to make it work with my ADFS server but, since my on-prem domain is different than the UPN we use, it has been a hassle. Looks like I need to do an ADFS claim to transform the initial on-prem domain login to the UPN for it to work. Pretty cumbersome.
I am hoping vCenter 8.0 has updated IDP capabilities, but I don't see any documentation online yet. The vSphere/vCenter documentation for 8.0 regarding auth looks like the 7.0 documentation. I just haven't had the time to explore vCenter 8.0 yet.
I have seen people using Duo and their proxy app to make it work.
Very old thread, but to update: this is possible. You need to use an On-Prem ADFS setup to handle the SAML connection from vCenter.
vCenter > ADFS > Second Factor > AzureAD Conditional Access (2FA + Other rules)
@saravalkyrie wrote: Very old thread, but to update: this is possible. You need to use an On-Prem ADFS setup to handle the SAML connection from vCenter.
vCenter > ADFS > Second Factor > AzureAD Conditional Access (2FA + Other rules)
Just wondering if you have any more specific details on how this was accomplished?
We have the details on getting ADFS set up for vCenter, but the "Second Factor" portion is the question. Was that an ADFS relying party trust setting to tell it to go to Azure AD for this second factor and thus use some Conditional Access rules?
TIA