You assign roles in the vCenter Single Sign-On domain to Active Directory security groups. You can later assign access to users by adding them to the groups directly from Active Directory.

You assign access to Active Directory security groups for the Administrators role in vCenter Single Sign-On.

UI Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui as [email protected].
  2. From the vSphere Client Menu, select Administration.
  3. In the Single Sign-On section, click Users and groups.

  4. Click the Groups tab.

  5. Select Administrators and click Edit.

  6. In the Edit group dialog box, from the Add members drop-down menu, select the domain according to your VMware Cloud Foundation Planning and Preparation Workbook.

  7. In the Search box, enter the Active Directory security group according to your VMware Cloud Foundation Planning and Preparation Workbook and press Enter.

  8. Click Save.

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "[email protected]"
    $sddcManagerPass = "VMw@re1!"
    
    $sddcDomainName = "sfo-m01"
    
    $domainFqdn = "sfo.rainpole.io"
    $domainBindUserVsphere = "svc-vsphere-ad"
    $domainBindPassVsphere = "VMw@re1!"
    
    $ssoAdminGroup = "gg-sso-admins"

  3. Perform the configuration by running the command in the PowerShell console.

    Add-SsoPermission -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -domain $domainFqdn -domainBindUser $domainBindUserVsphere -domainBindPass $domainBindPassVsphere -principal $ssoAdminGroup -ssoGroup "Administrators" -type group -source external
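
Because every member of the Active Directory group becomes a vCenter Single Sign-On administrator, the following added example (not part of the original procedure) lists the group's effective members before granting the role and prompts for both passwords instead of storing them in variables as literals. It assumes the module that provides Add-SsoPermission is already loaded, the RSAT ActiveDirectory module is installed, and the account running the console can read the group; the confirmation prompt is an illustrative addition.

```powershell
# Added example. Values below are the sample values from the procedure;
# replace them with values from your Planning and Preparation Workbook.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcDomainName  = "sfo-m01"
$domainFqdn      = "sfo.rainpole.io"
$ssoAdminGroup   = "gg-sso-admins"

# Prompt for credentials so that no password is written into the script
# or left in the console history.
$sddcCred = Get-Credential -Message "SDDC Manager administrator account"
$bindCred = Get-Credential -Message "Active Directory bind account" -UserName "svc-vsphere-ad"

# Resolve nested groups so the list shows every principal that will
# effectively receive the Administrators role (runs as the current user).
Import-Module ActiveDirectory
$members = @(Get-ADGroupMember -Identity $ssoAdminGroup -Server $domainFqdn -Recursive)
$members | Sort-Object SamAccountName |
    Format-Table SamAccountName, objectClass, distinguishedName -AutoSize | Out-Host

$answer = Read-Host "Grant Administrators to '$ssoAdminGroup' ($($members.Count) effective members)? (yes/no)"
if ($answer -eq "yes") {
    # Same parameters as the command in step 3, passed by splatting.
    # Add-SsoPermission takes the passwords as strings, so they are
    # extracted from the credential objects only at call time.
    $params = @{
        server         = $sddcManagerFqdn
        user           = $sddcCred.UserName
        pass           = $sddcCred.GetNetworkCredential().Password
        sddcDomain     = $sddcDomainName
        domain         = $domainFqdn
        domainBindUser = $bindCred.UserName
        domainBindPass = $bindCred.GetNetworkCredential().Password
        principal      = $ssoAdminGroup
        ssoGroup       = "Administrators"
        type           = "group"
        source         = "external"
    }
    Add-SsoPermission @params
    Remove-Variable params
} else {
    Write-Host "No change made. Review the membership of '$ssoAdminGroup' in Active Directory first."
}

# Drop the credential objects from the session when finished.
Remove-Variable sddcCred, bindCred
```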