sandroalvesbras
Enthusiast
Enthusiast

Prevent any user from logging into the vcenter 5.5 web client

Hi,

I did a test with any domain user and I can connect to the vcenter web client.

Is it possible to prevent domain users from logging in, leaving only a few users?

Thank you.

0 Kudos
5 Replies
Alex_Romeo
Leadership
Leadership

Hi,

you must create a group in AD and in the vcenter you give the right of access to the group, instead of in the whole AD.

users who are part of this group in AD, log into the vCenter.

Add Members to a vCenter Single Sign-On Group

https://www.altaro.com/vmware/using-permissions-to-secure-vcenter-server/

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
sandroalvesbras
Enthusiast
Enthusiast

AlessandroRomeo68

Did you understand what I meant?

I want to prevent anyone from logging in.

Here is what I mean:

https://www.virtuallyghetto.com/2017/03/vsphere-6-5b-prevents-vsphere-web-client-logins-for-users-wo...

Tks.

0 Kudos
IRIX201110141
Virtuoso
Virtuoso

Thats not possible and was a design flaw from the early days of SSO and changed later.  But i dont see the problem because without vCenter permissions the user which logged into doesnt see anything.

Solution is quite simple and you should just update your vcenter.

Regards,
Joerg

0 Kudos
nachogonzalez
Expert
Expert

You can do 2 things:
- assign the no access role to the datacenter to all members of AD
- Remove the AD identity source from vCenter.

Note:

Please remember to keep communications corteous and professional, this is a community driven channel, people are putting their time at your service.

0 Kudos
nachogonzalez
Expert
Expert

I correct myself:

First option will allow the users (any) to log in to a blank screen
Second option will not allow any AD user to log in.

You can also edit the Identity source DN so it only syncs with a particular group.

0 Kudos