VMware Cloud Community
pinkerton
Enthusiast
Enthusiast

vCenter SSO AD Integration - every user in domain can logon to vSphere Web Client?

Dear Forums,

we just installed a virtual Center applicance (6.0) and integraded SSO in Active Directoy using the "Integrated Windows Authentication". I see that now every user in the Domain can logon to the vSphere web Client (although they cannot modify or view any Settings). Is this normal behaviour? I would have expected that even the right to logon to the Web Client Needs to be explicitly set.

Thanks,
Michael

Reply
0 Kudos
1 Reply
tonto_22
Contributor
Contributor

What is your desired result? Do you only want a certain group of users in your domain to access the web client?

After you connect your SSO domain to your Windows AD domain, you should configure Roles and Permissions to limit access to vCenter.

Choose a role that fits what you want. (or create a new Role) (Home > Administration > Roles)

Add a new permission at the desired Cluster, or vCenter level. (permissions tab)

Assign Role to this permission.

Assign AD User or Group to this permission.

 

Reply
0 Kudos