You register the Automation Orchestrator server with a vCenter Single Sign-On server by using the vSphere authentication mode. Use vCenter Single Sign-On authentication with vCenter 7.0 and later.

Depending on the configuration of the vCenter server being used to authenticate Automation Orchestrator, your authentication uses either the built-in identity provider or VMware Single Sign-On (VMware SSO). VMware SSO allows you to use an external identity provider to sign in to your vCenter server hosts.

Note: You can configure VMware SSO in vSphere 8.0 Update 3 or later. For more information on configuring VMware SSO, go to Configure VMware Single Sign-On.

If both the built-in and external identity providers are available in the vCenter server used for authentication, the external identity provider is the preferred method.

Prerequisites

Procedure

  1. Access the Control Center to start the configuration wizard.
    Note: You can also configure the authentication provider from the command line interface. For more information, go to Configuring the Automation Orchestrator Appliance authentication provider with the command line interface.
    1. Navigate to https://your_orchestrator_FQDN/vco-controlcenter.
    2. Log in as root with the password you entered during OVA deployment.
  2. Configure the authentication provider.
    1. On the Configure Authentication Provider page, select vSphere from the Authentication mode drop-down menu.
    2. In the Host address text box, enter the fully qualified domain name or IP address of the vCenter Server instance that contains the vCenter Single Sign-On and click Connect.
      Note: If you use an external vCenter Server or multiple vCenter Server instances behind a load balancer, you must manually import the certificates of all vCenter Server instances that share a vCenter Single Sign-On domain.
      Note: To integrate a different vSphere Client with your configured Automation Orchestrator environment, you must configure vSphere to use the same vCenter Server registered to Automation Orchestrator. For High Availability Automation Orchestrator environments, you must replicate the vCenter Server instances behind the Automation Orchestrator load balancer server.
    3. Review the certificate information of the authentication provider and click Accept Certificate.
    4. Enter the credentials of the local administrator account for the vCenter Single Sign-On domain. Click REGISTER.
      For the built-in identity provider, the default account is [email protected] and the name of the default tenant is vsphere.local. The credentials for an external identity provider depend on the specific provider that your vSphere environment uses.
    5. In the Admin group text box, enter the name of an administrators group and click Search.
      For example, vsphere.local\vcoadmins
      Note: When using an external identity provider, local groups such as vsphere.local are not supported. You can only select groups coming from the external identity provider.
    6. Select the administration group you want to use. The administration group you select receives administrator privileges in Automation Orchestrator.
    7. Click Save changes.
      A message indicates that your configuration is saved successfully.
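
The certificate review in step 2.3, and the note about importing the certificates of every vCenter Server instance behind a load balancer, are easier to do reliably with a fingerprint comparison. The following Python sketch is an added example, not VMware code: it computes the SHA-256 fingerprint of the certificate each node presents and compares it with a fingerprint you recorded from a trusted source. The host names and the sample certificates are constructed placeholders, and the assumption is that you can compare a SHA-256 fingerprint against the certificate information you are asked to accept.

```python
import hashlib
import socket
import ssl


def sha256_fingerprint(pem_cert):
    """SHA-256 over the DER encoding, formatted AA:BB:... as certificate viewers show it."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)  # raises ValueError if not PEM-framed
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint):
    """Drop separators and case so differently formatted fingerprints compare equal."""
    return fingerprint.replace(":", "").replace(" ", "").lower()


def fetch_pem(host, port=443, timeout=10.0):
    """Return the certificate a node presents. Validation is off on purpose:
    the certificate is the thing under review, so nothing read here is trusted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def check_nodes(trusted, fetch=fetch_pem):
    """Map each host to True only if its presented certificate matches the
    fingerprint recorded for it; unreachable or malformed counts as a failure."""
    results = {}
    for host, expected in trusted.items():
        try:
            presented = sha256_fingerprint(fetch(host))
        except (OSError, ValueError):
            results[host] = False
            continue
        results[host] = normalize(presented) == normalize(expected)
    return results


if __name__ == "__main__":
    # Constructed stand-ins, not real certificates: arbitrary bytes in PEM framing.
    cert1 = ssl.DER_cert_to_PEM_cert(b"constructed certificate for vc01")
    cert2 = ssl.DER_cert_to_PEM_cert(b"constructed certificate for vc02")
    other = ssl.DER_cert_to_PEM_cert(b"constructed unexpected certificate")
    trusted = {"vc01.example.test": sha256_fingerprint(cert1),
               "vc02.example.test": sha256_fingerprint(cert2)}
    served = {"vc01.example.test": cert1, "vc02.example.test": other}
    for host, ok in check_nodes(trusted, fetch=served.__getitem__).items():
        print(f"{host}: {'match' if ok else 'MISMATCH, do not accept'}")
```

Run against real nodes by calling `check_nodes` with your own host-to-fingerprint mapping and the default `fetch`; a mismatch on any node means the certificate should be investigated before it is accepted or imported.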

Results

You have successfully finished the Automation Orchestrator server configuration.

What to do next

Verify that the node is configured properly at the Validate Configuration page.
Note: Following the configuration of the authentication provider, the Automation Orchestrator server restarts automatically after 2 minutes. Verifying the configuration immediately after authentication can return an invalid configuration status.