Active Directory simplifies authentication by centralizing it, and it centralizes security management as well. Group policies can be created to automatically update and secure workstations in the domain. You can join a Platform Services Controller appliance, or a vCenter Server Appliance with an embedded Platform Services Controller, to an Active Directory domain and attach the users and groups from that domain to your vCenter Single Sign-On domain. Joining the Platform Services Controller (or the vCenter Server Appliance with an embedded Platform Services Controller) to the domain is the prerequisite for configuring permissions that let users and groups from an Active Directory domain access the vCenter Server components. Take a look at How to join VCSA 6.5 to Active Directory domain.

Active Directory authentication gives Active Directory users a centralized login for managing the virtual workloads in vCenter Server 6.5. Let’s take a look at the step-by-step procedure to configure Active Directory authentication for vCenter Server 6.5.
How to Configure Active Directory Authentication for vCenter 6.5
Before configuring vCenter 6.5 with Active Directory authentication, we need to understand the prerequisites:
- You must have joined the external PSC, or the vCenter Server Appliance with embedded PSC, to the Active Directory domain.
- You must log in to the vSphere Web Client with a user account that is a member of the SystemConfiguration.Administrators group in vCenter Single Sign-On. You can log in using the SSO administrator account “administrator@vSphere.local”.
- Ensure the system name of the appliance uses the Fully Qualified Domain Name (FQDN) format.

With the prerequisites in place, follow these steps:
- Log in to the vCenter Server using the vSphere Web Client with your administrator@your_domain_name account.
- On the vSphere Web Client main page, click on the Home icon, navigate to Administration, and select Configuration under Single Sign-On.
- Under Identity Sources, click on the “+” symbol to add Active Directory as an identity source.
Select Active Directory (Integrated Windows Authentication) and click on Next.
Enter the identity source settings for the joined Active Directory domain. Specify the domain name in FQDN format; do not provide an IP address in this field. Select the option “Use machine account” to use the local machine account as the SPN. When you select this option, you specify only the domain name. Do not select this option if you expect to rename this machine. Click on Next.
Validate the identity source information and click on Next.
In the Identity Sources tab, we can now see that the domain “md.lab” appears with the type Active Directory (Integrated Windows Authentication).
Once Active Directory authentication is configured for vCenter Server, you will be able to see the AD domain in the Domain drop-down list when you assign permissions on vCenter inventory objects.
You will also start seeing the Active Directory objects under Users and Groups. You can add AD users and groups and assign them permissions to access and manage vCenter inventory objects.
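The procedure requires FQDN format in two places: the appliance system name (prerequisites) and the identity source domain name, which must not be an IP address. The following pre-flight check is an added example, not part of the original article or of any VMware tooling; the function names and the host name vcsa65.md.lab are assumptions, and only md.lab comes from the article.

```python
import ipaddress
import re

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def fqdn_problem(value):
    """Return None if value looks like an FQDN, else a short reason string."""
    name = value.strip().rstrip(".")  # a trailing root dot is allowed
    if not name:
        return "empty value"
    try:
        ipaddress.ip_address(name)  # catches IPv4 and IPv6 literals
        return "IP address given where an FQDN is required"
    except ValueError:
        pass
    if len(name) > 253:
        return "name longer than 253 characters"
    labels = name.split(".")
    if len(labels) < 2:
        return "short name without a domain suffix"
    for label in labels:
        if not _LABEL.match(label):
            return "invalid DNS label: %r" % label
    if labels[-1].isdigit():
        return "top-level label is numeric"
    return None

def preflight(system_name, domain_name):
    """Check the two values the procedure requires in FQDN format."""
    findings = {}
    for field, value in (("appliance system name", system_name),
                         ("identity source domain name", domain_name)):
        problem = fqdn_problem(value)
        if problem:
            findings[field] = problem
    return findings

if __name__ == "__main__":
    # Constructed sample values (hypothetical host names and address).
    samples = [("vcsa65.md.lab", "md.lab"),
               ("vcsa65", "192.168.0.10"),
               ("vcsa65.md.lab", "md")]
    for system_name, domain_name in samples:
        print(system_name, domain_name, preflight(system_name, domain_name) or "OK")
```

The check is purely syntactic: it does not resolve the names in DNS or confirm that the appliance is actually joined to the domain.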
That’s it. We are done with configuring Active Directory authentication for vCenter Server 6.5. I hope this is informative for you. Thanks for reading! Be social and share it on social media if you feel it is worth sharing.