Milestone 3 SSO Login - eamonstackpole/my-tech-journal GitHub Wiki
SSO Login
Update vCenter
To add our Active Directory to the vCenter authentication, we first must update our vCenter version. Log in to the vCenter management portal on port 5480 using the root credentials.
Navigate to the "Updates" section to check for new vCenter updates. As shown in the screenshot below, no updates were found in our case; if updates are available, select "Stage and Install".
Deliverable 1: Summary Page including the Version
Joining to the Domain
Syncing Time Settings
Before we connect vCenter to Active Directory, we must ensure that their time settings are in sync to prevent authentication issues. Check the AD time settings using the w32tm /query /status command.
Run w32tm /config /manualpeerlist:"pool.ntp.org" /syncfromflags:manual /reliable:yes /update on the Active Directory server to change its time source to the NTP server.
Check the time setting status again to ensure NTP is configured to be the time server, as shown in the screenshot below.
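One way to script the status check from the step above, as an added example that is not part of the original journal: the function parses w32tm /query /status output and flags a server that is still running on its local clock or is not synchronized. The function name Test-W32tmStatus is hypothetical, both sample outputs are constructed rather than captured from the lab, and English-language w32tm output is assumed.

```powershell
# Added example: evaluate `w32tm /query /status` output after the NTP change.
function Test-W32tmStatus {
    param(
        [Parameter(Mandatory)][string[]]$StatusLines,
        [string]$ExpectedPeer = 'pool.ntp.org'   # peer set with /manualpeerlist
    )
    # Turn "Key: value" lines into a hashtable (split on the first colon only).
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([^:]+):\s*(.*)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $problems = @()
    $source = $fields['Source']
    if (-not $source) {
        $problems += 'No Source field; is the Windows Time service running?'
    } elseif ($source -notlike "$ExpectedPeer*") {
        $problems += "Source is '$source', expected $ExpectedPeer"
    }
    if ($fields['Leap Indicator'] -match '^3') {
        $problems += 'Leap Indicator 3: clock is not synchronized'
    }
    [pscustomobject]@{
        Source   = $source
        Synced   = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample: server still using its own hardware clock.
$before = @'
Leap Indicator: 3(not synchronized)
Stratum: 0 (unspecified)
Last Successful Sync Time: unspecified
Source: Local CMOS Clock
'@ -split "`r?`n"

# Constructed sample: server synchronized to the configured peer.
$after = @'
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Last Successful Sync Time: 1/15/2024 10:32:11 AM
Source: pool.ntp.org
'@ -split "`r?`n"

Test-W32tmStatus -StatusLines $before
Test-W32tmStatus -StatusLines $after
# Live use on the Active Directory server:
# Test-W32tmStatus -StatusLines (w32tm /query /status)
```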
To add our Active Directory to vCenter, log in to the usual vCenter Client GUI, go to Administration/Single Sign-On/Configuration/Identity Provider, select Active Directory, and then select Join AD.
Enter the Domain (yourname.local) and the domain administrator account credentials to authenticate the join.
To save and enable the domain join, we must reboot the vCenter server. Go to the vCenter management GUI again and select Actions, then Reboot. The reboot takes 5 to 10 minutes to complete, and vCenter will not be accessible during this time.
After the reboot, double-check the Identity Providers to ensure that the domain is listed. If it doesn't appear, add the domain again. (You won't need to reboot.)
To log in to vCenter with our domain admin account, we need to add it to the vCenter Administrator group. Go to Users & Groups, select the Administrator group, then choose the eamon.local domain, type domain admins, and add it to the group. You can also add an individual account instead of the domain admins group, depending on your needs.
After saving the edits to the Administrator group, you should be able to log in using your eamon.local account.
The screenshot below shows that the login with the Active Directory domain admin account was successful.