The first step toward configuring Hybrid Linked Mode from your SDDC is to add your on-premises LDAP domain as an identity source for the SDDC vCenter .

You can configure Hybrid Linked Mode from your SDDC if your on-premises LDAP service is provided by a native Active Directory (Integrated Windows Authentication) domain or an OpenLDAP directory service.

This step is optional when configuring Hybrid Linked Mode from the VMware Cloud Gateway, but adding an identity source does allow you to configure users or groups with a lesser level of access than the Cloud Administrator.

Important:

If you are using OpenLDAP as the identity source, see the VMware knowledge base article at http://kb.vmware.com/kb/2064977 for additional requirements.

Prerequisites

Take a look at Identity Sources for vCenter Server with vCenter Single Sign-On in the VMware vSphere Product Documentation for additional information about configuring and using identity sources and certificates.

Procedure

  1. Log in to the vSphere Client for your SDDC.
    To add an identity source, you must be logged in as [email protected] or another member of the Cloud Administrators group.
  2. Configure single sign-on to add an identity provider.
    Follow the steps in Add or Edit a vCenter Single Sign-On Identity Source in the VMware vSphere Product Documentation.
  3. Configure the identity source settings.
    See "Active Directory over LDAP and OpenLDAP Server Identity Source Settings" in Add or Edit a vCenter Single Sign-On Identity Source for detailed information about the configuration parameters.

Results

When the identity source is added, on-premises users can authenticate to the SDDC, but have the No access role. Add permissions for a group of users to give them the Cloud Administrator role.