When you assign a role to an SSO user, vCenter Server authenticates the user with the identity service configured on the SSO server. If the SSO server is not configured or is not available, the user is authenticated either locally or with Active Directory based on vCenter Server configuration.
- The Networking and Security plug-in in the vSphere Web Client.
- The NSX Manager appliance, including the API. This access is available only in NSX 6.4 or later.
Roles can be assigned individually or through a group membership. A user can be assigned an NSX role individually, and this user can also be a member of a group that is assigned a different NSX role. In such cases, the role that is assigned individually to the user is used for logging into the NSX Manager appliance.
- In the vSphere Web Client, navigate to .
- Ensure that you are in the Users tab.
- If multiple IP addresses are available in the NSX Manager drop-down menu, select an IP address, or keep the default selection.
- Click the Add icon.
The Assign Role window opens.
- Click Specify a vCenter user or Specify a vCenter group
- Type the vCenter Server user details and group details.
Field Example Value Domain name corp.vmware.com Alias corp Group name firstname.lastname@example.org User name email@example.com User alias user1@corpNote: When a group is assigned a role on the NSX Manager, any user from that group can log in to the NSX Manager UI.
- Click Next.
- Select the role for the user and click Next. For more information about available roles, see Managing User Rights.
- Click Finish.
The user account appears in the Users table.