To provide role-based access control for the SDDC, you configure an identity provider in vCenter Server. That becomes the identity provider for both vCenter Server and SDDC Manager. You then integrate NSX Manager with Workspace ONE Access to activate the use of Microsoft Active Directory over LDAP with SSL.
You can implement and configure role-based access control for the SDDC in one of two ways: by using the user interface of each component in the solution or by using PowerShell cmdlets. You can directly reuse the PowerShell commands by replacing the provided sample values with values from your VMware Cloud Foundation Planning and Preparation Workbook.
Active Directory security groups and users are assigned to default and custom roles. Password and account lockout policies are configured based on the security and compliance standards used by your organization.
If you want to use the infrastructure-as-code method for the implementation and configuration of the Identity and Access Management for VMware Cloud Foundation validated solution, verify that your system fulfills the following prerequisites.
Table 2. Prerequisites for CLI Implementation of Identity and Access Management for VMware Cloud Foundation