You can allow the users and groups in your Microsoft Active Directory (AD) domain to use their credentials to log in to the SDDC Manager UI as well as the vCenter Server instances that are deployed in your VMware Cloud Foundation system.

You provided a password for the superuser account (user name vcf) in the deployment parameter workbook before bring-up. After VMware Cloud Foundation is deployed, you can log in with the superuser credentials and then add vCenter Server or AD users or groups to VMware Cloud Foundation. Authentication to the SDDC Manager UI uses the VMware vCenter® Single Sign-On authentication service that is installed during the bring-up process for your VMware Cloud Foundation system.

Users and groups can be assigned roles to determine what tasks they can perform from the UI and API.

In addition to user accounts, VMware Cloud Foundation includes the following accounts:
  • Automation accounts for accessing VMware Cloud Foundation APIs. You can use these accounts in automation scripts.
  • Local account for accessing VMware Cloud Foundation APIs when vCenter Server is down.

    For a VMware Cloud Foundation 4.1 deployment, you can specify the local account password in the deployment parameter workbook. If you upgraded to VMware Cloud Foundation 4.1, you configure the local account through VMware Cloud Foundation API.

  • Service accounts are automatically created by VMware Cloud Foundation for inter-product interaction. These are for system use only.