7 Replies Latest reply on Feb 7, 2020 9:16 AM by jburen

    Group-based Access Control not working in NSX-V

    jburen Hot Shot

      I rebuilt my lab environment and configured SSO for vCenter:

      - Joined VCSA to AD

      - Added AD as an Identity Provider

      - Added AD group "NSX_Enterprise_Admins" with Read-Only permissions at the datacenter level


      At this point, I can log in to vCenter with an account that is a member of the AD group "NSX_Enterprise_Admins".


      Then, I added the AD domain to NSX.


      And finally, I added a vCenter group with the NSX Enterprise Admins role.


      Unfortunately, when I log in with an account that is a member of the AD group "NSX_Enterprise_Admins", I get this error:


      I really have no idea what I can check or change to get this working. I tried adding the vCenter group as "NSX_Enterprise_Admins@lab.local" but that didn't make a difference. I also tried four different ways of entering the user name on both interfaces (HTML5 and FLEX):

      - LAB\Administrator

      - administrator@lab.local

      - Use Windows session authentication

      - administrator


      And of course, when I add the user account instead of the group, it works...