Skip to content

SSO

Enabling Active Directory / LDAP / LDAPS Authentication In vCenter 8.0

This article describes how to integrate VMware vCenter Server into your authentication infrastructure. Identity sources can be Microsoft Active Directory installations or OpenLDAP.

Bundled with the vCenter Servers is an internal user database that allows you to add and manage Users from the vCenter UI. Users management and Single Sign-On are provided by the embedded Platform Service Controller. In a large environment, you might want to connect your virtualization infrastructure to a centrally managed identity provider.

Read More »Enabling Active Directory / LDAP / LDAPS Authentication In vCenter 8.0

How to add AD Authentication in vCenter 7.0

The vCenter Server has an internal user database that allows you to add and manage users very easily. Users management and Single Sign-On is provided by the embedded Platform Service Controller which is available since vSphere 6.0. In a large environment, you might want to connect your virtualization infrastructure to a centrally manage Active Directory.

This article explains how to add AD authentication in vSphere 7.0 and how to get the "Use Windows session authentication" checkbox to work with the "Enhanced Authentication Plugin".

Read More »How to add AD Authentication in vCenter 7.0

How to add AD Authentication in vCenter 6.5/6.7

The vCenter Server has an internal user database that allows you to add and manage users with the vSphere Web Client. Users management and Single Sign-On is provided by the Platform Service Controller which is available since vSphere 6.0. In a large environment, you might want to connect your virtualization infrastructure to a centrally manage Active Directory.

This article explains how to add AD authentication in vSphere 6.5 and how to get the "Use Windows session authentication" checkbox to work with the enhanced authentication plugin. This works for both, the vCenter Server 6.5 installed on a Windows Server and the vCenter Server Appliance (vCSA).

Read More »How to add AD Authentication in vCenter 6.5/6.7

How to Join the vCSA 6.5/6.7 to an Active Directory Domain

In vSphere 6.5 the underlying operating system from the vCenter Server Appliance (vCSA) has been changed to VMwares PhotonOS. With the new OS, you can still join an Active Directory domain to comply with company policies, or if you want to use windows session authentication. Joining an Active Directory domain is included in the infrastructure node configuration which is part of the Platform Services Controller. Please verify standard AD requirements like time synchronization and naming prior to joining a domain.

If you want to log in with the "Windows session authentication" checkbox, you have to add the appliance running the Platform Services Controller (PSC) to the domain. For embedded deployments, join the appliance running both, the vCenter and the PSC to the domain.

Read More »How to Join the vCSA 6.5/6.7 to an Active Directory Domain

vSphere 6.5 Component Password Recovery (vCenter, SSO and ESXi)

Everyone knows the situation where you can't log into a system because you have forgotten the password. The following article explains how to reset the password and regain access to VMware vSphere 6.5 core components including vCenter, SSO and ESXi Hosts.

  • Reset vCenter Server Appliance 6.5 root password
  • Reset SSO Administrator Password (vCenter Server Appliance 6.5)
  • Reset ESXi root password with Host Profiles
  • Gain Administrative ESXi access with an Active Directory
  • Reset ESXi root password (Linux Live CD)

Read More »vSphere 6.5 Component Password Recovery (vCenter, SSO and ESXi)

How to add AD Authentication in vCenter 6.0 (Platform Service Controller)

Platform Service Controller is a new component in vSphere 6.0. The PSC contains all the services that vCenter needs for its functions including Single Sign-On (SSO). This post describes how to configure AD authentication in vCenter Server 6.0.

The method shown in this post allows you to manage users and groups in your central directory. This works for both, the vCenter Server 6.0 installed on Windows Server and the vCenter Server Appliance (VCSA).vsphere60-login-screen

Read More »How to add AD Authentication in vCenter 6.0 (Platform Service Controller)

Howto: AD Authentication in vCenter SSO 5.5

With the recently released VMware vSphere 5.5, the component Single-Sign-On (SSO) has been completely rewritten. The biggest change is that the RSA database has been removed, which eliminates much of its complexity. There is also a new identity type (Active Directory (Integrated Windows Authentication)) that works without specifying the AD Controllers directly, like the old vSphere 4.x / 5.0 authentication. The whole process is much easier. This post shows how to enable Active Directory Authentication within the new vSphere 5.5 Single-Sign-On. If you are using vSphere 5.1, read this post.

The method shown in this post allows you to manage users and groups in your central directory. This works for both, the vCenter Server 5.5 installed on Windows Server and the vCenter Server Appliance (VCSA).

Read More »Howto: AD Authentication in vCenter SSO 5.5

Match VMware vCenter 5.1 Component Versions

With the separation of the vCenter Service into 4 components in vSphere 5.1 (vCenter Single Sign On, vCenter Inventory Service, vCenter Server and vSphere Web Client) there is a possible issue that you could have mismatched services installed. When you install an update you have to install all components one after another without having a workflow to check that all have been updated. I have already written about the update process from 5.1 to 5.1u1 and their versions but this is not the only update available. Now I've created an overview of all possible vCenter 5.1 version numbers that can be identified in the Control Panel.

Read More »Match VMware vCenter 5.1 Component Versions

Howto: vCenter 5.1 SSO with trusted Active Directory

There are a lot of pitfalls when you want to deploy or update to VMware vSphere 5.1. Beside the vSphere Web Client, the most discussed new component is the new authentication engine called Single Sign On (SSO) which is mandatory for the vCenter Server. I've already written about a simple deployment scenario where a vCenter Server (Appliance or Installable) can be authenticated against a single Active Directory domain. In this post i am going to explain the changes and straits when using multiple trusted Active Directory Domains.

Read More »Howto: vCenter 5.1 SSO with trusted Active Directory