To set up enterprise federation, you must configure your identity provider, such as Microsoft Active Directory (AD), Azure AD, or Okta.
To use an identity provider for both vCenter and vSphere+, you must first configure the vCenter instances with the identity provider.
- For AD, see: Add or Edit a vCenter Single Sign-On Identity Source.
- For Okta, see: Configure vCenter Identity Provider Federation for Okta.
- For Azure AD, see: Configure vCenter Identity Provider Federation for Azure AD.
Azure AD is supported only for vCenter versions 8.0 Update 2 and later.
After you configure vCenter instances with the external identity provider, you must federate the external identity provider with VMware Cloud. You can use only one federation with one identity provider. For example, if you already federated AD with vSphere+ and you now want to federate Okta, you must first remove the AD federation and then federate Okta with vSphere+.
For AD, you must implement the connector-based authentication setup, and federate the AD domain that you use to log in to the local vCenter instances with vSphere+.
For Okta and Azure AD, you can use the dynamic (connectorless) authentication setup.
Setting up federation is a self-service process that involves multiple steps, users, and roles. See Setting Up Enterprise Federation with VMware Cloud Services.