You can use VMware Single Sign-On for authentication across all components in vSphere Foundation. You use VMware Single Sign-On with an external identity provider.
After configuring VMware Single Sign-On in vSphere Foundation, you can still log in to the vSphere Foundation components with a local account.
Caution: VMware Single Sign-On is not compatible with VMware Cloud Foundation. You can use it only for vSphere Foundation environments.
Step | Task | Instructions
---|---|---
1. Configure VMware Single Sign-On on the first vCenter Server instance. The vCenter Server host on which the external identity provider is configured acts as the identity provider for the other vCenter Server hosts. | | See Configure VMware Single Sign-On in the vSphere Authentication documentation.
2. Configure VMware Single Sign-On on other vCenter Server instances. You can configure multiple vCenter Server hosts to perform VMware Single Sign-On, connecting them in a non-Enhanced Linked Mode configuration. You must configure each vCenter Server host to point to the first vCenter Server host that is configured with an external identity provider. | Add the certificate of the first vCenter Server instance to the trust store of each of the other vCenter Server instances. | See Add a Trusted Root Certificate to the Certificate Store in the vSphere Authentication documentation.
 | Configure VMware Single Sign-On on each of the other vCenter Server instances. | Perform the same steps as for the first vCenter Server instance.
3. Configure VMware Single Sign-On on VMware Aria Operations. | Configure VMware Aria Operations to use the first vCenter Server instance as an identity provider. | See Configure VMware Single Sign-On for VMware Aria Operations in the Configuring VMware Aria Operations documentation.
 | Import the user groups from the identity provider. | See Import User Groups From Source in the Configuring VMware Aria Operations documentation.
4. Configure VMware Single Sign-On on VMware Aria Automation Orchestrator. | | See Configure a standalone Automation Orchestrator server with vSphere authentication in the Installing and Configuring Automation Orchestrator documentation.
5. Configure VMware Single Sign-On on VMware Aria Operations for Logs. | | See Configuring VMware Single Sign-On in the Administering VMware Aria Operations for Logs documentation.