You can use the vSphere Web Client to add a SAML service provider to vCenter Single Sign-On, and add vCenter Single Sign-On as the identity provider to that service. When users log in to the service provider, the service provider authenticates those users with vCenter Single Sign-On.
The target service must fully support the SAML 2.0 standard and the SP metadata must have the SPSSODescriptor element.
- Export the metadata from the service provider to a file.
- Log in with the vSphere Web Client to the vCenter Server connected to the Platform Services Controller.
- Navigate to the Configuration UI.
  - From the Home menu, select Administration.
  - Under Single Sign On, click Configuration.
- Import the SP metadata into vCenter Single Sign-On.
  - Select the SAML Service Providers tab.
  - In the Metadata from your SAML service provider dialog box, import the metadata by pasting the XML string or by importing a file.
- Export the vCenter Single Sign-On IDP metadata.
  - In the Metadata for your SAML service provider text box, click Download.
  - Specify a file location.
- Log in to the SAML SP, for example VMware vRealize Automation 7.0, and follow the SP instructions to add the vCenter Single Sign-On metadata to that service provider.
See the vRealize Automation documentation for details on importing the metadata into that product.
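
Before importing the exported SP metadata, you can check it against the prerequisite above (SAML 2.0 support and an SPSSODescriptor element). The following is an added example, not VMware code: the function name `check_sp_metadata` and the sample metadata are constructed for illustration, and the DTD rejection and HTTPS endpoint checks are extra hardening assumptions that this page does not state.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"md": MD}

def check_sp_metadata(xml_text):
    """Return a list of problems found in SP metadata; an empty list means it passed."""
    # SAML metadata never needs a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["metadata contains a DTD or entity declaration"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    problems = []
    if not root.get("entityID"):
        problems.append("EntityDescriptor has no entityID")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    if SAML2_PROTOCOL not in sp.get("protocolSupportEnumeration", "").split():
        problems.append("SPSSODescriptor does not declare SAML 2.0 protocol support")
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not acs:
        problems.append("no AssertionConsumerService endpoint")
    for endpoint in acs:
        location = endpoint.get("Location", "")
        if not location.lower().startswith("https://"):
            problems.append(f"ACS endpoint is not HTTPS: {location!r}")
    return problems

# Constructed sample metadata (hypothetical SP at sp.example.test).
GOOD = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="{SAML2_PROTOCOL}">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
# Constructed failing variants: IdP metadata by mistake, and a plain-HTTP ACS.
NO_SP = GOOD.replace("SPSSODescriptor", "IDPSSODescriptor")
HTTP_ACS = GOOD.replace("https://sp.example.test/saml/acs", "http://sp.example.test/saml/acs")

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no_sp", NO_SP), ("http_acs", HTTP_ACS)]:
        print(name, check_sp_metadata(doc) or "OK")
```

An empty result means only that the structural checks passed; compare the entityID and endpoints with what the service provider administrator expects before you import the file.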