vTrack
Contributor

Using different SAML provider and iDP for vCenter access

We have deployed a vCenter 6.5 appliance instance with SSO and IDP (Identity Provider) configured. All users in our organisation (Org-A) could log in using our configured domain (DomainA), ensuring two-factor authentication works fine.

Now, further to requirements, we need to add an additional domain (DomainB) with a different set of users/groups from another organisation who need access to the same vCenter environment. However, they want to use a different SAML Service Provider and iDP used for their in-house applications. Could I make this all work together? What approach should I be looking at here? Any suggestions?

0 Kudos
2 Replies
mhampto
VMware Employee

After discussing this with some techs, there can be only one SAML provider and iDP attached to the SSO. Are the two domains completely independent?

0 Kudos
hegdec
VMware Employee

I am trying to integrate my vCenter with at least one SAML iDP. The method followed was as simple as extracting the metadata file (which is offered in the SAML tab of vCenter) and using it in my SAML-based iDP (Workspace ONE in this case), and using the metadata file from Workspace ONE for importing. Strangely, the import status isn't shown. Assuming the import completed successfully, both the iDP-initiated and SP-initiated ways of invocation aren't working.

May I know how you were able to make the access work via a SAML iDP? What was the SAML iDP that you were trying against?

0 Kudos