Using Microsoft Entra ID as the identity provider for the management domain vCenter Server allows for identity federation across SDDC Manager, vCenter Server, and NSX Manager.

Configuring identity federation with Microsoft Entra ID involves tasks in both the Microsoft Entra Admin Console and the SDDC Manager UI. After users and groups are synced to VMware Cloud Foundation through the SCIM 2.0 application, you can assign them permissions in SDDC Manager, vCenter Server, and NSX Manager.
  1. Create an OpenID Connect application for VMware Cloud Foundation in Microsoft Entra ID.
  2. Configure Microsoft Entra ID as the Identity Provider in the SDDC Manager UI.
  3. Update the Microsoft Entra ID OpenID Connect application with the Redirect URI from SDDC Manager.
  4. Create a SCIM 2.0 Application for VMware Cloud Foundation.
  5. Assign Permissions for Microsoft Entra ID Users and Groups in SDDC Manager, vCenter Server, and NSX Manager.
Note: If you created isolated VI workload domains that use different SSO domains, you must use the vSphere Client to configure Microsoft Entra ID as the identity provider for those SSO domains. When you configure Microsoft Entra ID as the identity provider for an isolated workload domain in the vSphere Client, NSX Manager is automatically registered as a relying party. This means that once a Microsoft Entra ID user with the necessary permissions has logged in to the isolated VI workload domain vCenter Server, they can directly access the VI workload domain's NSX Manager from the SDDC Manager UI without having to log in again.
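Steps 1 and 3 above can be scripted against Microsoft Entra ID with the Microsoft Graph PowerShell SDK instead of clicking through the admin console, which makes the registration repeatable and auditable. The following is an added example, not part of the VMware documentation or the VMware Cloud Foundation product. It assumes that SDDC Manager, like any OpenID Connect relying party, needs the tenant (directory) ID, the application (client) ID and a client secret in step 2, and that SDDC Manager then displays a Redirect URI that must be added to the application in step 3; the display name, secret lifetime and redirect URI below are placeholders.

```powershell
# Added example (not VMware's or Microsoft's code): register the VMware Cloud Foundation
# OpenID Connect application in Microsoft Entra ID with the Microsoft Graph PowerShell SDK.
# Prerequisite: Install-Module Microsoft.Graph.Applications
# The Application.ReadWrite.All scope is needed to create and update app registrations.
Connect-MgGraph -Scopes "Application.ReadWrite.All"

# Step 1: create the app registration. "AzureADMyOrg" makes it single-tenant, so only
# accounts from this directory can authenticate to SDDC Manager through it.
$app = New-MgApplication -DisplayName "VMware Cloud Foundation" `
    -SignInAudience "AzureADMyOrg"

# Create a client secret for SDDC Manager. Entra ID returns the secret value exactly once,
# so capture it here; a 12-month lifetime is an assumed value, align it with your rotation policy.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = "SDDC Manager"
    EndDateTime = (Get-Date).AddMonths(12)
}

# Values entered in the SDDC Manager UI in step 2 (assumed inputs of that form).
Write-Host "Tenant ID:     $((Get-MgContext).TenantId)"
Write-Host "Client ID:     $($app.AppId)"
Write-Host "Client secret: $($secret.SecretText)"   # paste into SDDC Manager, then clear the console history

# Step 3: after SDDC Manager shows its Redirect URI, register it exactly as displayed.
# Entra ID compares redirect URIs literally (scheme, host, port, path, trailing slash), so any
# difference makes the authorization code flow fail with a redirect_uri mismatch error.
$redirectUri = "https://sddc-manager.example.com/REPLACE-WITH-REDIRECT-URI"   # placeholder
Update-MgApplication -ApplicationId $app.Id -Web @{ RedirectUris = @($redirectUri) }

# Check: the registration should now list exactly the SDDC Manager redirect URI.
(Get-MgApplication -ApplicationId $app.Id).Web.RedirectUris
```

Keep the secret out of scripts and shell history: it grants whoever holds it the ability to complete the OIDC exchange as the VMware Cloud Foundation application, so store it only in SDDC Manager and rotate it before the expiry date set above.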

Prerequisites

Integrate Active Directory (AD) with Microsoft Entra ID. See the Microsoft documentation for more information.
Note: This is not required if you do not want to integrate with AD or have previously integrated AD and Microsoft Entra ID.