To provide role-based access control to the workload domain vCenter Servers, you add your organization's Active Directory as an identity provider, assign specific roles to Active Directory security groups and configure password policies.

Prerequisites

  • If you use Active Directory over LDAPS, verify that you have access to the Active Directory root certificate file.

  • Verify you have created a domain user in Active Directory to use as the bind account, with read-only access permission to the base DN for users and groups.

  • Verify you have created security groups in Active Directory for each vCenter Server role you assign access to.

  • Verify you have created security groups in Active Directory for each single sign-on role you assign access to.