You can add users and groups to VMware Cloud Foundation to provide users with access to the SDDC Manager UI as well as the vCenter Server instances that are deployed in your VMware Cloud Foundation system. Users can log in and perform tasks based on their assigned role.
Before you can add users and groups to
VMware Cloud Foundation, you must configure an identity provider that has access to user and group data.
VMware Cloud Foundation supports the following identity providers:
- vCenter Single Sign-On is vCenter Server's built-in identity provider. By default, it uses the system domain (for example, vsphere.local) as its identity source. You can add Active Directory over LDAP and OpenLDAP as identity sources for vCenter Single Sign-On.
- Active Directory Federation Services (AD FS) is supported as an external identity provider that can be used instead of vCenter Single Sign-On.
Once you have configured an identity provider, you can add users and groups, and assign roles to determine what tasks they can perform from the SDDC Manager UI and VMware Cloud Foundation API.
In addition to user accounts,
VMware Cloud Foundation includes the following accounts:
- Automation accounts for accessing VMware Cloud Foundation APIs. You can use these accounts in automation scripts.
- Local account for accessing VMware Cloud Foundation APIs when vCenter Server is down.
- Service accounts are automatically created by VMware Cloud Foundation for inter-product interaction. These are for system use only.