Verify that you can authenticate to SDDC Manager with a user account that is a member of an Active Directory security group.

Validate that you can authenticate to SDDC Manager using an Active Directory user account assigned an SDDC Manager role. See Personas in Identity and Access Management for VMware Cloud Foundation and VMware Cloud Foundation Planning and Preparation Workbook.

You perform this procedure for the following personas.

| Persona     | Component Role |
|-------------|----------------|
| Cloud Admin | Administrator  |
| VI Admin    | Operator       |
| Auditor     | Viewer         |

Expected Outcome

You can successfully log in to SDDC Manager with an Active Directory user account with access based on a security group and you can perform tasks according to the expected privileges and permission scope.

Procedure

  1. Log in to SDDC Manager at https://<sddc_manager_fqdn> with an Active Directory account assigned an SDDC Manager role.
  2. Verify that you can access all required menus based on the expected permissions for the role.

What to do next

If you encounter issues while performing this procedure, use the following troubleshooting tips:

Troubleshooting Tips

  • Ensure that there is network connectivity between the vCenter Server instance and the Active Directory domain infrastructure.

  • Ensure that there is network connectivity between the SDDC Manager and vCenter Server instances.

  • Ensure that Active Directory is configured as an identity provider in vCenter Server.

  • Ensure that the Active Directory security group is assigned the global permissions.

  • Ensure that the user account is a member of the Active Directory security group with the assigned role.

  • Ensure that the Active Directory user account is an active account and is not locked.
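
The last two tips can be checked from a domain-joined workstation before retrying the login. The following PowerShell is an added example, not part of the original procedure; it assumes the ActiveDirectory module (RSAT) is installed, and every user and group name in it is a placeholder to replace with your own values.

```powershell
# Added example: checks group membership and account state for each persona.
# Requires the ActiveDirectory module (RSAT). User and group names are placeholders.
Import-Module ActiveDirectory

# One test account and security group per persona from the table above.
$Personas = @(
    @{ Persona = 'Cloud Admin'; Role = 'Administrator'; User = 'example-cloud-admin'; Group = 'example-sddc-admins'    }
    @{ Persona = 'VI Admin';    Role = 'Operator';      User = 'example-vi-admin';    Group = 'example-sddc-operators' }
    @{ Persona = 'Auditor';     Role = 'Viewer';        User = 'example-auditor';     Group = 'example-sddc-viewers'   }
)

function Test-SddcLoginPrerequisite {
    param(
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $Group
    )

    # LockedOut is not returned by default, so request it explicitly.
    $account = Get-ADUser -Identity $User -Properties Enabled, LockedOut
    $sid     = $account.SID.Value

    # Direct membership, then membership through nested groups (-Recursive).
    $direct = [bool](Get-ADGroupMember -Identity $Group |
        Where-Object { $_.SID.Value -eq $sid })
    $nested = [bool](Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.SID.Value -eq $sid })

    [pscustomobject]@{
        User         = $account.SamAccountName
        Group        = $Group
        DirectMember = $direct
        NestedMember = $nested
        Enabled      = $account.Enabled
        LockedOut    = $account.LockedOut
        Ready        = $nested -and $account.Enabled -and -not $account.LockedOut
    }
}

foreach ($p in $Personas) {
    Test-SddcLoginPrerequisite -User $p.User -Group $p.Group |
        Select-Object @{ n = 'Persona'; e = { $p.Persona } },
                      @{ n = 'Role';    e = { $p.Role } }, * |
        Format-List
}
```

If NestedMember is True but DirectMember is False, the account reaches the group only through another group; adding it directly rules out nested-group resolution as the cause of a failed login.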