To provide role-based access control to VMware Cloud Foundation, you assign specific SDDC Manager roles to Active Directory security groups.

Prerequisites

  • Verify that the Active Directory over LDAP/LDAPS identity provider is configured on the management domain vCenter Server.

  • Verify that the necessary security groups for each SDDC Manager role are created in Active Directory.

Assign SDDC Manager Roles to Active Directory Groups for Identity and Access Management for VMware Cloud Foundation

You assign roles in SDDC Manager to Active Directory security groups. You can later grant access to users by adding them to those groups.

You assign access to Active Directory security groups for all three roles in SDDC Manager:

  • Admin

  • Operator

  • Viewer

Procedure

  1. Log in to SDDC Manager at https://<sddc_manager_fqdn> as [email protected].

  2. In the navigation pane, click Administration > Single sign on.

  3. On the Manage users page, click the Add user or group button.

  4. On the Add user or group page, in the search text box, enter the name of the group and select the domain according to your VMware Cloud Foundation Planning and Preparation Workbook.

  5. In the table, under the User / group name column, select the check box next to the group.

  6. In the Role column, from the drop-down menu, select a role for the group and click Add.

  7. Repeat the procedure for the remaining SDDC Manager roles.
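
After the last step, you can check that the result matches the plan: each of the three roles is held by an Active Directory group, and no Active Directory user holds a role directly. The following is an added example, not VMware code. It assumes the SDDC Manager assignments have been exported into a list of records; the field names, group names and domains are constructed for illustration.

```python
# Audit exported SDDC Manager role assignments against the group-per-role plan.
REQUIRED_ROLES = ("ADMIN", "OPERATOR", "VIEWER")  # the three roles named above

# Constructed sample export (hypothetical field names, not a documented schema).
SAMPLE = [
    {"name": "sddc-admins", "domain": "example.test", "type": "GROUP", "role": "ADMIN"},
    {"name": "sddc-operators", "domain": "example.test", "type": "GROUP", "role": "OPERATOR"},
    {"name": "jdoe", "domain": "example.test", "type": "USER", "role": "ADMIN"},
    {"name": "localadmin", "domain": "sso.example", "type": "USER", "role": "ADMIN"},
]

def audit_assignments(assignments, ad_domain):
    """Return sorted findings; an empty list means the plan is met."""
    findings = []
    groups_by_role = {role: set() for role in REQUIRED_ROLES}
    roles_by_group = {}
    for entry in assignments:
        role = entry["role"].upper()
        domain = entry["domain"].lower()
        principal = f"{entry['name'].lower()}@{domain}"
        if role not in groups_by_role:
            findings.append(f"unknown role {role} on {principal}")
            continue
        if domain != ad_domain.lower():
            continue  # principals outside the AD domain are out of scope here
        if entry["type"].upper() != "GROUP":
            # Access should come from group membership, not a direct grant.
            findings.append(f"direct user assignment: {principal} has {role}")
            continue
        groups_by_role[role].add(principal)
        roles_by_group.setdefault(principal, set()).add(role)
    for role in REQUIRED_ROLES:
        if not groups_by_role[role]:
            findings.append(f"no AD group assigned to role {role}")
    for principal, roles in roles_by_group.items():
        if len(roles) > 1:
            # One group holding several roles blurs the role separation.
            findings.append(f"group {principal} holds multiple roles: {', '.join(sorted(roles))}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE, "example.test"):
        print(finding)
```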