To provide role-based access control for the SDDC, you configure an identity provider in vCenter Server. That becomes the identity provider for both vCenter Server and SDDC Manager. You then integrate NSX Manager with Workspace ONE Access to activate the use of Microsoft Active Directory over LDAP with SSL.
You can implement and configure role-based access control for the SDDC in one of two ways: by using the user interface of each component in the solution, or by using the open-source PowerShell cmdlets. You can reuse the PowerShell commands directly by replacing the provided sample values with values from your VMware Cloud Foundation Planning and Preparation Workbook.
Active Directory security groups and users are assigned to default and custom roles. Password and account lockout policies are configured based on the security and compliance standards used by your organization.
For information on the role-based access control (RBAC) design, see Detailed Design of Identity and Access Management for VMware Cloud Foundation.
Prerequisites
To complete the implementation of the Identity and Access Management for VMware Cloud Foundation validated solution, verify that your system fulfills the following prerequisites.
Category | Prerequisite |
---|---|
Environment | |
Software | |
Active Directory | |
Certificate Authority | |
If you want to use the open-source infrastructure-as-code method for the implementation and configuration of the Identity and Access Management for VMware Cloud Foundation validated solution, verify that your system fulfills the following prerequisites.
CLI Method | Prerequisite |
---|---|
PowerShell | Note: To report issues, obtain support, or suggest enhancements to the open-source PowerShell Module, use GitHub Issues in the GitHub repository. |