7 Replies Latest reply on Feb 7, 2020 9:16 AM by jburen

    Group-based Access Control not working in NSX-V

    jburen Hot Shot
    vExpert

      I rebuilt my lab environment and configured SSO for vCenter:

      - Joined VCSA to AD

      - Added AD as an Identity Provider

      - Added AD group "NSX_Enterprise_Admins" with Read-Only permissions at the datacenter level

       

      At this point, I can log in to vCenter with an account that is a member of the AD group "NSX_Enterprise_Admins".

       

      Then, I added the AD domain to NSX.

      NSX_Domain.PNG

      And finally, I added a vCenter group with the NSX Enterprise Admins role.

      NSX_Group.PNG

      Unfortunately, when I log in with an account that is a member of the AD group "NSX_Enterprise_Admins" I get this error:

      No_NSX_Manager.PNG

      I really have no idea what I can check or change to get this working. I tried adding the vCenter group as "NSX_Enterprise_Admins@lab.local" but that didn't make a difference. I also tried four different ways of entering the user name on both interfaces (HTML5 and FLEX):

      - LAB\Administrator

      - administrator@lab.local

      - Use Windows session authentication

      - administrator

       

      And of course, when I add the user account instead of the group, it works...