vCenter Appliance AD Authentication

hurdle · ‎01-24-2013

With the addition of SSO in 5.1, and the fact that when you logon to the vCenter via Web or Windows Client (If I understand it correctly) authentication passes through SSO then why does the vCenter Appliance still have you set AD in the Admin Settings? I notice that if I don't put AD enabled then when I look in vCenter under roles no Domain is listed.

If SSO takes care of everything why is that the case?

zXi_Gamer · ‎01-25-2013

From my little understanding of SSO and vast amount of googling,

then why does the vCenter Appliance still have you set AD in the Admin Settings?

SSO provides a secured channel like for authenticating the APIs it is registered for. Still for management purpose or assigning roles in VC or web based client, we need to have authentication from a database like or in this case the AD.

I don't put AD enabled then when I look in vCenter under roles no Domain is listed.

This is because, SSO by default has a limited set of users permissions and roles which deal only with the login priveleges/access to other components. There will be no roles in the VC since there is no AD integrated here.

Gkeerthy · ‎01-25-2013

http://blogs.vmware.com/vsphere/2012/09/vcenter-single-sign-on-part-1-what-is-vcenter-single-sign-on...

also just refer the above for more info regarding the SSO

Please don't forget to award point for 'Correct' or 'Helpful', if you found the comment useful. (vExpert, VCP-Cloud. VCAP5-DCD, VCP4, VCP5, MCSE, MCITP)

All

vCenter Appliance AD Authentication