I did a test with any domain user and I can connect to the vCenter web client.
Is it possible to prevent domain users from logging in, leaving only a few users?
You must create a group in AD and in the vCenter you give the right of access to the group, instead of to the whole AD.
Users who are part of this group in AD log into the vCenter.
Did you understand what I meant?
I want to prevent anyone from logging in.
Here is what I mean:
That's not possible; it was a design flaw from the early days of SSO and was changed later. But I don't see the problem, because without vCenter permissions the user who logged in doesn't see anything.
The solution is quite simple and you should just update your vCenter.
You can do 2 things:
- Assign the no access role to the datacenter to all members of AD.
- Remove the AD identity source from vCenter.
Please remember to keep communications courteous and professional; this is a community-driven channel, and people are putting their time at your service.