After installing or upgrading to VMware Aria Operations 8.18, you can configure VMware Aria Operations for VMware Single Sign-On. When you configure VMware Single Sign-On, you use an external identity provider to sign into VMware Aria Operations.

Note: After configuring VMware Single Sign-On configuration for VMware Aria Operations, you can still log in to VMware Aria Operations with a local account.

Prerequisites

  • Ensure that the associated vCenter Server host is configured for VMware Single Sign-On. For more information about configuring a vCenter Server host for VMware Single Sign-On, see Configure VMware Single Sign-on.

Procedure

  1. Log in to VMware Aria Operations with a local account. For more information, see Logging In to VMware Aria Operations.
  2. Configure VMware SSO as an authentication type. For more information, see Authentication Sources and Authentication Sources: Add Authentication Source for User and Group Import.
    Note: Only one VMware Single Sign-On configuration can exist during any period of time.
  3. To allow users or groups to log in to VMware Aria Operations using VMware SSO authentication source, import users or groups from the authentication source into VMware Aria Operations. For more information, see Import User Accounts From Source and Import User Groups From Source.
    Note: You must select a role for each user and assign a scope for each role.
  4. A certificate of type VMware SSO is created and can be viewed from Administration > Control Panel > Certificates.
  5. Users from the VMware SSO authentication source can now log into VMware Aria Operations using VMware SSO. When you log in to VMware Aria Operations using VMware SSO, you will be redirected to an external authentication page. Enter the credentials to log in to VMware Aria Operations.
    Note:
    • You can delete and unregister a VMware Single Sign-On authentication source. For more information see, Delete and Deregister a VMware Single Sign-On Authentication Source.
    • You have to re-register the VMware SSO server in certain scenarios. Navigate to the Authentication Sources page, click the Re-register source link and enter the vCenter Server credentials. Re-register the VMware SSO server in the following two scenarios:
      • If you add or remove nodes from a cluster in VMware Aria Operations, and/or
      • If you have modified the system access URL when a load balancer is used (Administration > Global Settings > System Settings > System Access URL option).