VMware Cloud Community
Sergey-S
Contributor

EntraID (AzureAD) authentication with vCenter 8.0 U2 which has Internet access through a proxy only

Hello

We need expert advice on setting up the EntraID (AzureAD) authentication provider on a vCenter Server 8.0 U2 that has Internet access only through a proxy.

We have already completed all the steps specified in the instructions:
- The AzureAD authentication provider is selected in the vCenter server

- Created Enterprise applications for OID and SCIM on the AzureAD side

- With the help of the AzureAD proxy application and the AzureAD Enterprise application for SCIM, we can provision users from AzureAD to vCenter

But when we try to log in using AzureAD, we always see the error “Access Denied. Unable to authenticate the user.”

Upon closer analysis, we discovered that when we try to log in through AzureAD from the vCenter server, traffic is sent to Microsoft IP addresses directly, bypassing the configured proxy.
Accordingly, the AzureAD authentication service ignores all proxy settings specified in the system.

Has anyone encountered the same issues?
I would be grateful for any advice that might help.

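A check for the situation described in the post above, added here as an example and not part of the original thread or of VMware's own tooling. It assumes the vCenter Server Appliance keeps its proxy settings in /etc/sysconfig/proxy as PROXY_ENABLED / HTTPS_PROXY / NO_PROXY (an assumption about the appliance, not confirmed by the post), works out whether the Entra ID endpoint would be sent through that proxy at the system level, and then fetches the tenant's OIDC discovery document once via the proxy and once bypassing it. The tenant ID, proxy URL and NO_PROXY entries are placeholders. Comparing the two results with what tcpdump shows leaving the appliance tells you whether the identity-provider service is honouring the same settings as the rest of the system, which is exactly the discrepancy the post reports.

```shell
#!/bin/sh
# Added example for this thread, not VMware code.
# Assumption: the VCSA stores its system proxy in /etc/sysconfig/proxy using
# PROXY_ENABLED / HTTPS_PROXY / NO_PROXY. Tenant ID and proxy URL are placeholders.

# Constructed sample of such a file, used when no path is given on the command line.
SAMPLE_PROXY_CONF='PROXY_ENABLED="yes"
HTTPS_PROXY="http://proxy.corp.example:3128"
NO_PROXY="localhost, 127.0.0.1, .corp.example"'

# proxy_for_host HOST   (proxy config file contents on stdin)
# Prints the HTTPS proxy URL that system-level tools would use for HOST, or
# DIRECT when the proxy is disabled, unset, or HOST matches a NO_PROXY entry.
proxy_for_host() {
    pfh_host=$1
    pfh_enabled=no; pfh_proxy=""; pfh_noproxy=""
    while IFS= read -r pfh_line; do
        case $pfh_line in
            PROXY_ENABLED=*) pfh_enabled=$(printf '%s' "${pfh_line#PROXY_ENABLED=}" | tr -d '"') ;;
            HTTPS_PROXY=*)   pfh_proxy=$(printf '%s' "${pfh_line#HTTPS_PROXY=}" | tr -d '"') ;;
            NO_PROXY=*)      pfh_noproxy=$(printf '%s' "${pfh_line#NO_PROXY=}" | tr -d '"') ;;
        esac
    done
    if [ "$pfh_enabled" != yes ] || [ -z "$pfh_proxy" ]; then
        echo DIRECT; return 0
    fi
    pfh_oldifs=$IFS; IFS=,
    for pfh_entry in $pfh_noproxy; do
        pfh_entry=$(printf '%s' "$pfh_entry" | tr -d ' ')
        [ -z "$pfh_entry" ] && continue
        # An entry matches the host exactly or as a domain suffix (".corp.example").
        case $pfh_host in
            "$pfh_entry"|*".${pfh_entry#.}") IFS=$pfh_oldifs; echo DIRECT; return 0 ;;
        esac
    done
    IFS=$pfh_oldifs
    echo "$pfh_proxy"
}

# check_discovery TENANT PROXY
# Fetches the Entra ID OIDC discovery document for TENANT via PROXY (skipped
# when PROXY is DIRECT) and then with every proxy bypassed, printing the HTTP
# status of each attempt. Needs network access; run it on the appliance itself.
check_discovery() {
    chk_url="https://login.microsoftonline.com/$1/v2.0/.well-known/openid-configuration"
    if [ "$2" != DIRECT ]; then
        curl -sS -o /dev/null --max-time 15 --proxy "$2" \
             -w "via proxy $2: HTTP %{http_code}\n" "$chk_url" || echo "via proxy $2: failed"
    fi
    curl -sS -o /dev/null --max-time 15 --noproxy '*' \
         -w "direct: HTTP %{http_code}\n" "$chk_url" || echo "direct: failed"
}

# Usage: sh entra_proxy_check.sh <tenant-id> [/etc/sysconfig/proxy]
# Nothing below runs when no tenant ID is given, so the functions can be
# exercised on their own.
if [ "$#" -ge 1 ]; then
    tenant=$1
    if [ -n "$2" ]; then
        proxy=$(proxy_for_host login.microsoftonline.com < "$2")
    else
        proxy=$(printf '%s\n' "$SAMPLE_PROXY_CONF" | proxy_for_host login.microsoftonline.com)
    fi
    echo "system proxy for login.microsoftonline.com: $proxy"
    check_discovery "$tenant" "$proxy"
fi
```

While the script runs, `tcpdump -ni <interface> port 443` on the appliance shows which path the real login attempt takes: if the proxied curl succeeds but the login-time traffic still goes to Microsoft addresses directly, the system proxy is fine and the identity-provider component is the part not using it. The script only reports what the system-level settings say; it does not claim the vCenter authentication service reads that file.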
1 Reply
tmcadams222
Contributor

I hope this helps you. I ran into this today, and my issue was that I had to remove vCenter from the local AD first. My local AD domain and Entra ID domain are the same, so I imagine this caused some issue in vCenter on the backend. I used the two links combined to complete the setup. One response in the Reddit post has more detailed info on the attributes needed. Good luck!

https://kb.vmware.com/s/article/94182

https://www.reddit.com/r/vmware/comments/16z5j7s/sso_in_vcenter_and_azure_ad_without_scim/
