To provide role-based access control for the SDDC, you configure an identity provider in vCenter Server. That becomes the identity provider for both vCenter Server and SDDC Manager. You then configure an identity provider in NSX Manager using Microsoft Active Directory over LDAP with SSL.

To implement and configure role-based access control for the SDDC, alternative methods exist:

Table 1. Solution Implementation Options

Method                                          Description
----------------------------------------------  ----------------------------------------------------------------------------
Implementation Using PowerShell Automation      End-to-end automated implementation using PowerShell.
Implementation Using Component User Interfaces  End-to-end manual implementation using the user interface of each component.

Active Directory security groups and users are assigned to default and custom roles. Password and account lockout policies are configured based on the security and compliance standards used by your organization.

For information on the role-based access control (RBAC) design, see Detailed Design of Identity and Access Management for VMware Cloud Foundation.
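Before configuring the identity sources described above, a pre-flight check of the Active Directory side saves a round of troubleshooting: each domain controller must answer on the LDAPS port, and the certificate it presents must chain to a CA that vCenter Server and NSX Manager trust. The following PowerShell script is an added example, not part of the VMware documentation or its automation module; it assumes the RSAT ActiveDirectory module is installed, and the service account and group names are placeholders to replace with your own.

```powershell
# Added example (not VMware's code): pre-flight check of the Active Directory
# prerequisites before configuring the vCenter Server and NSX Manager identity sources.
Import-Module ActiveDirectory

$ServiceAccounts = @('svc-vsphere-ad', 'svc-nsx-ad')                                  # placeholders
$SecurityGroups  = @('gg-vc-admins', 'gg-sddc-admins', 'gg-nsx-enterprise-admins')    # placeholders

function Get-LdapsCertificate {
    # Open a TLS session to port 636 and return the certificate the DC presents.
    # The validation callback accepts any certificate on purpose: the chain is
    # inspected separately below so that an untrusted CA is reported, not hidden.
    param([string]$DomainController)
    $tcp = New-Object System.Net.Sockets.TcpClient($DomainController, 636)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($DomainController)
        return [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
    } finally { $tcp.Close() }
}

# 1. Every domain controller must be reachable over LDAPS with a valid certificate chain.
foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $cert    = Get-LdapsCertificate -DomainController $dc.HostName
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $trusted = $chain.Build($cert)   # $false means the issuing CA is not trusted on this host
        "{0}: LDAPS OK, issuer={1}, expires={2:yyyy-MM-dd}, chainTrusted={3}" -f `
            $dc.HostName, $cert.Issuer, $cert.NotAfter, $trusted
    } catch {
        "{0}: LDAPS FAILED ({1})" -f $dc.HostName, $_.Exception.Message
    }
}

# 2. The service accounts used by vCenter Server and NSX Manager must exist and be enabled.
foreach ($sam in $ServiceAccounts) {
    $u = Get-ADUser -Filter "SamAccountName -eq '$sam'"
    if ($null -eq $u)         { "Service account missing: $sam" }
    elseif (-not $u.Enabled)  { "Service account disabled: $sam" }
    else                      { "Service account present: $sam" }
}

# 3. The security groups that will be mapped to default and custom roles must exist.
foreach ($grp in $SecurityGroups) {
    if (Get-ADGroup -Filter "Name -eq '$grp'") { "Security group present: $grp" }
    else                                       { "Security group missing: $grp" }
}
```

A domain controller reported with chainTrusted=False or an expiring certificate is the one that will fail when the identity source is configured, so resolve it, or collect the issuing CA certificate for import, before proceeding.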

Prerequisites

To complete the implementation of the Identity and Access Management for VMware Cloud Foundation validated solution, verify that your system fulfills the following prerequisites.

Table 2. Prerequisites for Implementation of Identity and Access Management for VMware Cloud Foundation

Category      Prerequisite
------------  --------------------------------------------------------------------------
Environment   Active Directory
                • Verify that Active Directory Domain Controllers are available in the environment.
                • Verify that the required service accounts are created in Active Directory.
                • Verify that the required security groups are created in Active Directory.
              Certificate Authority