Use the vSphere Web Client to add local users and groups. These users and groups are internal to the vCenter Single Sign-On authentication service in the Cloud Foundation software stack.

About this task

The Platform Services Controller component provides the single sign-on capability in the software stack, including SDDC Manager. Before you can authorize users and groups to perform operations using SDDC Manager, you must include them in the set of users and groups authorized by the Platform Services Controller component. You do this either by adding your Active Directory domain as an identity source or by adding them as users and groups to the internal identity source. The internal identity source is the internal single sign-on domain. When added to the internal single sign-on domain, these users and groups are local to your Cloud Foundation system.

Prerequisites

Verify that you are logged in to the SDDC Manager Dashboard as an administrator. You access the user interface to add local users and groups by launching the vSphere Web Client from the SDDC Manager Dashboard.

Procedure

  1. Open the view of the management domain's vCenter Server resources in the vSphere Web Client.
    1. In the SDDC Manager Dashboard, navigate from the Dashboard page to view the management domain details.

      You drill down into the management domain details from the Workload Domains area on the dashboard.

    2. On the General Info page of the management domain's Domain Details screen, locate the vCenter launch link used to open the view of the domain's vCenter Server resources in the vSphere Web Client.

      One way to navigate to the management domain's General Info page from the Workload Domains page is to click List View and click the active link that is the name of the management domain.

    3. Launch the vSphere Web Client by clicking the vCenter launch link.

      The vSphere Web Client appears in a new browser tab, authenticated and accessing the management domain's vCenter Server resources.

  2. Navigate to Administration > Single Sign-On > Users and Groups.

  3. Perform one of the following actions.

    • Add a local user: On the Users tab, select your rack's local single sign-on domain and click Add. Type in the user's information, such as the user name and password, and click OK.

      The password must meet the password policy requirements for the software stack.

      Important: Because you cannot change the user name after you create a user, make sure the user name is typed in correctly before clicking OK.

    • Add a local group: On the Groups tab, select your rack's local single sign-on domain and click Add. Type in a name for the group and optionally a description, and click OK.

      Important: Because you cannot change the group name after you create a group, make sure the name is typed in correctly before clicking OK.

What to do next

When you add a user, that user initially has no privileges to perform management operations in your system. Perform one of the following next steps.

  • Add the local user to a group using the Platform Services Controller Web interface. When users are added to a group, you can assign permissions to the group so that all of the users in the group receive the same permissions for performing operations in your system. Then use the User Management page in the SDDC Manager Dashboard to assign a role to that group.

  • Use the User Management page to authorize the local user for performing operations in your system by assigning an appropriate role to that user. See Assign Permissions to Users and Groups.