You assign roles in SDDC Manager to Active Directory security groups. You can later assign access to users by adding them to those groups.

You assign access to Active Directory security groups for all three roles in SDDC Manager:

  • Admin

  • Operator

  • Viewer

UI Procedure

  1. Log in to SDDC Manager at https://<sddc_manager_fqdn> as administrator@vsphere.local.
  2. For VMware Cloud Foundation 4.4 or earlier, in the navigation pane, click Administration > Users.

  3. For VMware Cloud Foundation 4.5 or later, in the navigation pane, click Administration > Single sign on.

  4. On the Manage users page, click the Add user or group button.

  5. On the Add user or group page, in the search text box, enter the name of the group.

  6. In the table, under the User / group name column, select the check box next to the group.

  7. In the Role column, from the drop-down menu, select a role for the group and click Add.

  8. Repeat the procedure for the remaining SDDC Manager roles.

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "administrator@vsphere.local"
    $sddcManagerPass = "VMw@re1!"
    
    $domainFqdn = "sfo.rainpole.io"
    $domainBindUserVsphere = "svc-vsphere-ad"
    $domainBindPassVsphere = "VMw@re1!"
    
    $vcfAdminGroup = "gg-vcf-admins"
    $vcfOperatorGroup = "gg-vcf-operators"
    $vcfViewerGroup = "gg-vcf-viewers"

  3. Perform the configuration by running the commands in the PowerShell console.

    Add-SddcManagerRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainFqdn -domainBindUser $domainBindUserVsphere -domainBindPass $domainBindPassVsphere -principal $vcfAdminGroup -role ADMIN -type group
    
    Add-SddcManagerRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainFqdn -domainBindUser $domainBindUserVsphere -domainBindPass $domainBindPassVsphere -principal $vcfOperatorGroup -role OPERATOR -type group
    
    Add-SddcManagerRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainFqdn -domainBindUser $domainBindUserVsphere -domainBindPass $domainBindPassVsphere -principal $vcfViewerGroup -role VIEWER -type group
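
The same three assignments can be run without typing the passwords as string literals in the console. The following is an added example, not part of the original procedure: it prompts for both accounts with Get-Credential and passes the shared parameters by splatting. It assumes the module that provides Add-SddcManagerRole is already imported, and it uses only the cmdlet parameters and sample values shown above.

```powershell
# Added example: assumes the module that provides Add-SddcManagerRole is
# already installed and imported, as in the procedure above.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$domainFqdn      = "sfo.rainpole.io"

# Prompt for both accounts so the passwords do not appear as literals
# in the console history or in a saved script.
$sddcCred = Get-Credential -UserName "administrator@vsphere.local" -Message "SDDC Manager administrator"
$bindCred = Get-Credential -UserName "svc-vsphere-ad" -Message "Active Directory bind user"

# Group-to-role mapping from the procedure (ordered for predictable output).
$roleMap = [ordered]@{
    "gg-vcf-admins"    = "ADMIN"
    "gg-vcf-operators" = "OPERATOR"
    "gg-vcf-viewers"   = "VIEWER"
}

# Parameters shared by all three calls. The cmdlet takes plain-text strings,
# so the passwords are unwrapped only at this point.
$common = @{
    server         = $sddcManagerFqdn
    user           = $sddcCred.UserName
    pass           = $sddcCred.GetNetworkCredential().Password
    domain         = $domainFqdn
    domainBindUser = $bindCred.UserName
    domainBindPass = $bindCred.GetNetworkCredential().Password
    type           = "group"
}

try {
    foreach ($group in $roleMap.Keys) {
        Write-Host "Assigning $($roleMap[$group]) to $group"
        Add-SddcManagerRole @common -principal $group -role $roleMap[$group]
    }
}
finally {
    # Remove the variables that hold credentials from the session when done.
    Remove-Variable common, sddcCred, bindCred -ErrorAction SilentlyContinue
}
```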