You can integrate VMware Cloud Director with an external identity provider and import users and groups into your organizations. You can configure an LDAP server connection at the system level or at the organization level. You can configure a SAML integration only at the organization level.
An identity provider is a service that manages the user and group identities. VMware Cloud Director organizations that use the same identity provider are federated.
An organization can define an identity provider that it shares with other applications or enterprises. Users authenticate to the identity provider to obtain a token that they can then use to log in to the organization. Such a strategy can enable an enterprise to provide access to multiple, unrelated services, including VMware Cloud Director, with a single set of credentials, an arrangement often referred to as single sign-on.
VMware Cloud Director includes a multisite capability that extends the advantages of a federation by enabling administrators to associate organizations with each other, so that a user authenticated to one organization is also authenticated to all organizations associated with it. Organizations must share an identity provider before they can be associated. See Configuring and Managing Multisite Deployments for more information about associating sites and organizations.
For version 10.4.2 and later, if an organization in VMware Cloud Director has SAML or OIDC configured, the UI displays only the Sign in with Single Sign-On option. To log in as a local user, navigate to https://vcloud.example.com/tenant/tenant_name/login or https://vcloud.example.com/provider/login.
For versions 10.3.3 through 10.4.1, if an organization in VMware Cloud Director has SAML or OIDC configured, to log in with your identity provider, select the Sign in with Single Sign-On option.