You manage authentication services from the vSphere Client, or by using the CLI. You can also manage the vCenter Server Identity Provider Federation configuration process by using an API.
You can manage vCenter Server authentication using different interfaces.
|vSphere Client||Web interface (HTML5-based client).|
|API||Manage the vCenter Server Identity Provider Federation configuration process.|
|sso-config||Command-line utility for configuring the vCenter Server built-in identity provider.|
Manage vCenter Server Authentication Services Using the vSphere Client
You can manage vCenter Server authentication services from the vSphere Client.
- Log in to a vCenter Server as a user with administrator privileges in the local vCenter Single Sign-On domain.
The default domain is vsphere.local.
- Select Administration.
- Under Single Sign On, click Configuration to manage identity providers and configure password and lockout policies.
For more information, see vSphere Authentication with vCenter Single Sign-On.
Manage vCenter Server Authentication Services Using Scripts
vCenter Server includes a utility, sso-config, for managing authentication services.
Use the sso-config utility for management tasks that the vSphere Client does not support, or to create custom scripts for your environment.
|sso-config||Command-line utility for configuring the vCenter Server built-in identity provider.||Refer to the sso-config help by running
|service-control||Command for starting, stopping, and listing services.||Run this command to stop services before running other CLI commands. The service-control command does not require that you specify the path.|
Enable SSH login to vCenter Server. You can use the Access Settings tab in the vCenter Server Management Interface (https://vcenter_server_ip:5480) for SSH login activation and deactivation.
- Log in to the vCenter Server shell.
Usually, you have to be the root or Administrator user. See Required Privileges for Running vSphere CLIs for details.
- Access the sso-config utility at following default location.
/opt/vmware/bin/sso-config.shThe required privileges depend on the task that you want to perform. Sometimes, you are prompted for the password twice to safeguard sensitive information.