You can integrate your VMware Cloud Director with one or more external identity providers (IdPs), and import users and groups to your organizations. You can configure an LDAP server connection at the system or the organization level, a SAML integration at the organization level, and an OpenID Connect (OIDC) integration at the organization level.
An identity provider is a service that manages the user and group identities. VMware Cloud Director organizations that use the same identity provider are federated.
An organization can define an identity provider that it shares with other applications or enterprises. Users authenticate to the identity provider to obtain a token that they can then use to log in to the organization. Such a strategy can enable an enterprise to provide access to multiple, unrelated services, including VMware Cloud Director, with a single set of credentials, an arrangement often referred to as single sign-on.
VMware Cloud Director includes a multisite capability that extends the advantages of a federation by enabling administrators to associate organizations with each other so that a user authenticated to one organization is also authenticated to all organizations that it is associated with. For organizations, sharing of an IdP is a prerequisite to association. See Configuring and Managing Multisite Deployments in Your VMware Cloud Director for more information about associating sites and organizations.
Starting with version 10.5.1, you can integrate your VMware Cloud Director organizations with more than one identity provider. You must not have identical user names across IdPs. You can have only one integration per IdP technology. For example, you can have one LDAP, one SAML, and one OpenID Connect (OIDC) integration simultaneously. The login page displays all configured sign-in options and to make the login more user friendly, you can customize the button labels from the IdP edit pages.
In version 10.5, if an organization in VMware Cloud Director has SAML or OIDC configured, the UI displays only the Sign in with Single Sign-On option. To log in as a local user, navigate to https://vcloud.example.com/tenant/tenant_name/login or https://vcloud.example.com/provider/login.