VMware vSphere

  • 1.  Microsoft Entra ID

    Posted Aug 07, 2024 12:34 PM

    vCenter Server 8.0U3 - Provider changed to Microsoft Entra ID

    All seems to be configured correctly: Azure provisions the users for the domain, Azure states in the log the users have been correctly authenticated against Entra ID, and the users are present in vCenter Server.

    These users have been allocated correct permissions in vCenter Server.

    BUT

    this appears!

    We are not using Workspace One, or have any configuration or anything to do with Workspace One!

    So puzzled?



  • 2.  RE: Microsoft Entra ID

    Posted Aug 18, 2024 03:38 AM

    Hello, did you ever figure out the issue? We are in the process of doing the same. Moving to Entra ID and received the same error. Did you configure SCIM? In ADFS we did not do that. Not sure if it's mandatory for Entra ID. Thanks




  • 3.  RE: Microsoft Entra ID

    Posted Aug 18, 2024 06:03 AM

    We did create a SCIM, but we didn't like the idea of direct contact with vCenter Server in a public space, so we created our internal SCIM.

    We are going to try with 8.0U2 and check if it's an issue with the update.




  • 4.  RE: Microsoft Entra ID

    Posted Aug 19, 2024 05:43 PM

    I'm at the same spot as you are with the Access Denied screen after successfully configuring/testing the connections.

    I followed the instructions to create an internal SCIM from this KB (https://knowledge.broadcom.com/external/article?legacyId=94182). The attached PDF file shows step by step how to configure it using Microsoft Entra Connect Provisioning Agent.

    I'm hoping someone has a solution/workaround.

    I've added my VMware Users AD group to the Administrators group in the vCenter. It takes my SSO login then prompts the ACCESS DENIED screen.




  • 5.  RE: Microsoft Entra ID

    Posted Aug 19, 2024 05:53 PM

    Is this using 8.0U3?

    I have come across another three sites which have this issue so we are not alone, so I'm glad it's not just me!

    Someone told me if you refresh the page they are able to login - but that didn't work for me!




  • 6.  RE: Microsoft Entra ID

    Posted Aug 20, 2024 10:42 AM

    Yes, I just recently upgraded to 8.0U3.




  • 7.  RE: Microsoft Entra ID

    Posted Aug 20, 2024 12:25 PM

    I was able to get mine working after several rounds of trial and error. I'm not sure which resolved it, but here's what I did:

    1. Explicitly added my user account in Entra ID Users and Groups (instead of adding an AD Group)
    2. Explicitly added my user account in VMware Administrators Group

    Above steps allowed me to log in.

    I also tested removing the AD group out of the VMware Administrators group, then re-adding it. This seems to also work.




  • 8.  RE: Microsoft Entra ID

    Posted Aug 21, 2024 11:17 AM

    Try launching a private browser session. I get the same message if I launch using a regular browser session. For us, I have our internal logins defined in Azure AD, but the browser is automatically assuming my 365 login, therefore access denied. I am likely going to rethink this and utilize our 365 logins to avoid having to launch private browser sessions.