You can integrate your VMware Cloud Director with one or more external identity providers (IdPs), and import users and groups to your organizations. You can configure an LDAP server connection at the system or the organization level, a SAML integration at the organization level, and an OpenID Connect (OIDC) integration at the organization level.

An identity provider is a service that manages the user and group identities. VMware Cloud Director organizations that use the same identity provider are federated.

Note: To determine the correct values and settings and to ensure an accurate configuration, see also the product documentation of the identity providers that you integrate with VMware Cloud Director.

An organization can define an identity provider that it shares with other applications or enterprises. Users authenticate to the identity provider to obtain a token that they can then use to log in to the organization. Such a strategy can enable an enterprise to provide access to multiple, unrelated services, including VMware Cloud Director, with a single set of credentials, an arrangement often referred to as single sign-on.

VMware Cloud Director includes a multisite capability that extends the advantages of a federation by enabling administrators to associate organizations with each other so that a user authenticated to one organization is also authenticated to all organizations that it is associated with. For organizations, sharing of an IdP is a prerequisite to association. See Configuring and Managing Multisite Deployments in Your VMware Cloud Director for more information about associating sites and organizations.

Note: Starting with version 10.4.1, VMware Cloud Director starts the deprecation process for local users. VMware Cloud Director continues to fully support the use of local users while they are under deprecation. See VMware Cloud Director 10.4.1 Release Notes.

Starting with version 10.5.1, you can integrate your VMware Cloud Director organizations with more than one identity provider. User names must not be identical across IdPs. You can have only one integration per IdP technology; for example, you can have one LDAP, one SAML, and one OpenID Connect (OIDC) integration simultaneously. The login page displays all configured sign-in options, and to make the login more user friendly, you can customize the button labels from the IdP edit pages.

Starting with version 10.5.1, if you integrate more than one IdP, the VMware Cloud Director login page displays all sign-in options.
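As an added example that is not part of the VMware documentation, the following Python check validates a planned multi-IdP configuration against the two rules stated above (one integration per IdP technology, no identical user names across IdPs). The input format and the case-insensitive comparison of user names are assumptions of this example, not VMware Cloud Director behaviour.

```python
from collections import defaultdict

# The page states one integration per technology (vCD 10.5.1 and later).
SUPPORTED_TECHNOLOGIES = {"LDAP", "SAML", "OIDC"}


def validate_idp_plan(idps):
    """Check a planned multi-IdP setup against the two rules the page states.

    idps: list of dicts such as {"technology": "SAML", "name": "corp-adfs",
    "users": ["alice"]}. This is a constructed input format for the example,
    not a VMware Cloud Director data structure. Returns a list of findings;
    an empty list means the plan satisfies both rules.
    """
    findings = []
    seen_tech = {}              # technology -> name of the IdP that claimed it
    owners = defaultdict(set)   # normalized user name -> IdPs that carry it

    for idp in idps:
        tech = idp["technology"].upper()
        if tech not in SUPPORTED_TECHNOLOGIES:
            findings.append(f"{idp['name']}: unsupported technology {tech}")
            continue
        # Rule 1: only one integration per IdP technology.
        if tech in seen_tech:
            findings.append(f"{idp['name']}: second {tech} integration "
                            f"(already configured: {seen_tech[tech]})")
        else:
            seen_tech[tech] = idp["name"]
        # Case-insensitive comparison is an assumption made here, so that
        # 'Alice' and 'alice' are reported as the same user name.
        for user in idp.get("users", []):
            owners[user.strip().lower()].add(idp["name"])

    # Rule 2: no identical user names across IdPs.
    for user, idp_names in sorted(owners.items()):
        if len(idp_names) > 1:
            findings.append(f"user '{user}' exists in more than one IdP: "
                            f"{', '.join(sorted(idp_names))}")
    return findings


# Constructed sample plan: a second SAML integration, and a user name that
# appears in both the LDAP source and the second SAML source.
SAMPLE_PLAN = [
    {"technology": "LDAP", "name": "corp-ad", "users": ["alice", "bob"]},
    {"technology": "SAML", "name": "corp-adfs", "users": ["carol"]},
    {"technology": "SAML", "name": "partner-okta", "users": ["Alice", "dave"]},
]
```

Calling validate_idp_plan(SAMPLE_PLAN) reports the second SAML integration and the user name alice that is present in both corp-ad and partner-okta.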

Note: Only in version 10.5.0, if an organization in VMware Cloud Director has SAML or OIDC configured, the UI displays only the Sign in with Single Sign-On option. To log in as a local user in version 10.5.0, navigate to https://vcloud.example.com/tenant/tenant_name/login or https://vcloud.example.com/provider/login.

Figure: VMware Cloud Director login page with an SSO login button.