VMware Tanzu Application Platform

 How to Audit kubectl vsphere login SSO Access Events to TAP Clusters?

Yosef Cohen posted Jul 14, 2025 06:00 AM

Hi everyone,

I'm looking for a way to audit login events that occur when using the following command to access a Tanzu Kubernetes Cluster (TAP) via vSphere with SSO:

kubectl vsphere login --server=https://X.X.X.X -u yosef@domain.local --insecure-skip-tls-verify \
  --tanzu-kubernetes-cluster-namespace tanzu-application-platform \
  --tanzu-kubernetes-cluster-name tap-full-best

Specifically, I want to track and audit these login events—ideally including user identity, timestamp, and target cluster—in order to improve visibility and auditing in our environment.

My questions:

  1. Where are these login events recorded?

    • Are they available in vCenter logs (Events/Tasks)?

    • Are they logged elsewhere (e.g., audit logs on the Supervisor Cluster)?

  2. Is there a specific log file or vSphere Audit Log (vmafdd or sso) that includes these SSO token-based login events?

  3. Are there any integrations or tools recommended by Broadcom to aggregate or view these events more easily (e.g., vRealize Log Insight, Aria Operations for Logs, etc.)?

Any guidance on where to look or how to best track these authentication attempts would be greatly appreciated!

Thanks,
Yosef