There is no way to achieve this that I know of. vRA requires a single Administrator account to authenticate with the vCenter endpoint for all its operations.

vRA is designed to provide a layer of abstraction from the underlying endpoints. Also, the identity store used to authenticate Business Group users is in most cases different than for vCenter users.

This is actually quite secure since you can permission users to deploy and manage workloads within vRA without requiring any access to vCenter Server.

I can see where you are coming from through. I have done a couple of vRA deployments for companies that are not service providers using single tenancy and it would be nice to see the same user in vRA and the vSphere web client

I appreciate each one of you for sharing your valuable inputs! It helped me to better understand what is technically feasible in terms of vRA initiated operations on a vCenter Server.

>>> What is your use case?

The use case is:

The vRA end user vmuser (in this e.g. with vCenter Server "Virtual machine user(sample)" role) requesting to provision a virtual machine gets denied by the security controls deployed at vCenter Server level knowing that the vCenter Server user vmuser (request vm provisioning from vRA) has no privileges to create a virtual machine.

I understand that vRA has request approvals that can be leveraged. However, consider this more like a Proxy Server safe guarding the vCenter Server with security hardening on workloads regardless of vRA, vRO or vSphere Web Client initiating it - with no manual intervention required leveraging a security policy in effect. 

As vRA request for the vmuser is served under the context of the service account at the vCenter Server level it's the highly privileged vCenter Server service account; that these vRA initiated operations are permitted though for the less privileged vmuser (with vCenter Server "Virtual machine user(sample)" role to start/stop VM).

>>> Why are you looking for this behavior?

There are few reasons to look for this behavior in my opinion:

Greater visibility - certain vCenter Server operations are instantiated as as part of User XYZ from vRA

Security hardening - Less privileged vCenter Server user should be denied based on vCenter Server level RBAC - I understand vRA has options to safeguard incoming user requests with approval

As I check this with vRO which has 'share a unique session' vs. 'a session per user' mode to access a vCenter Server instance. This allows 'a session per user' mode with token delegation vRO end user requested operations executed in the context of the vRO end user (instead of the User details - service account to access vCenter Server instance).