VMware vSphere

 View Only

  • 1.  Add Azure AD user to vCenter for integrated sign in?

    Posted Jul 26, 2016 08:57 AM

    I've got a vcenter 6 appliance and it is joined to my local domain with an active directory source configured but I cannot add my account to vcenter

    My local domain is hosted on a Server 2012 R2 Essentials server and is "vmware.local" this is then extended to my Azure AD which is "vmware.co.uk" and I have created a local account called "chris.downes@vmware.local" and this is associated with my Azure domain account of "chris.downes@vmware.co.uk"

    I have joined the vCenter applinace to the "vmware.local" domain and added an AD identity source for the "vmware.local" domain.

    I can add myself as a user from the AD identity source as "chris.downes" but when I click the "use windows credentials" on the vcenter web client page it populates as "AzureAD\ChrisDownes" and vcenter says unknown credentials.

    Anyone have any idea how I can add an identity source for the Azure AD?

    Thanks



  • 2.  RE: Add Azure AD user to vCenter for integrated sign in?

    Posted Jul 27, 2016 03:23 AM

    Hi Chris,

    Are your AD environments connected at all? like trust/federation etc.

    I recently setup a vCenter server where the client had two domains and we configured one identity source using AD (integrated Windows Authentication) and the other one via LDAP.

    I think in your case, you can add the Azure AD identity source using "Active Directory as a LDAP Server". This configuration assumes your local environment (where vCenter is located) can connect to the Azure AD servers via network IP/Ports without going over the internet.

    The LDAP config is easy :

    Name : vmware.co.uk

    Base DN for Users : DC=vmware,DC=co,DC=uk

    Base DN for groups : DC=vmware,DC=co,DC=uk

    Primary Server URL : ldap://ADserver.vmware.co.uk:389 (if you support Secure LDAP you can change the port to 636 or 3268

    Test connection with a username : CN=service.vmware,OU=Service Accounts,DC=vmware,DC=co,DC=uk (pick a username in AD and view its distinguished name in AD properties to get this string. I just gave you an example)

    Let me know how it goes or if you have questions.



  • 3.  RE: Add Azure AD user to vCenter for integrated sign in?

    Posted Oct 06, 2022 05:38 PM

    Hey Chris,

     

    Were you able to add Azure AD as an identity source for authentication to VCenter? Even I have the same requirement to authenticate against Azure AD. Let me know if were able to do it.

     

    Thanks



  • 4.  RE: Add Azure AD user to vCenter for integrated sign in?

    Posted Nov 15, 2022 11:30 AM

    I'm looking to do the same thing with 6.7, struggling to find any documentation that says whether or not it can even be done, let alone how.