You manage authentication services from the vSphere Client, or by using the CLI. You can also manage the vCenter Server Identity Provider Federation configuration process by using an API.

You can manage vCenter Server authentication using different interfaces.

Table 1. Interfaces for Managing vCenter Server Authentication Services

| Interface | Description |
|---|---|
| vSphere Client | Web interface (HTML5-based client). |
| API | Manage the vCenter Server Identity Provider Federation configuration process. |
| sso-config | Command-line utility for configuring the vCenter Server built-in identity provider. |

Manage vCenter Server Authentication Services Using the vSphere Client

You can manage vCenter Server authentication services from the vSphere Client.

Procedure

  1. Log in to a vCenter Server as a user with administrator privileges in the local vCenter Single Sign-On domain.
    The default domain is vsphere.local.
  2. Select Administration.
  3. Under Single Sign On, click Configuration to manage identity providers and configure password and lockout policies.

Manage vCenter Server Authentication Services Using Scripts

vCenter Server includes a utility, sso-config, for managing authentication services.

Use the sso-config utility for management tasks that the vSphere Client does not support, or to create custom scripts for your environment.

Table 2. CLIs for Managing Authentication and Associated Services

| CLI | Description | Links |
|---|---|---|
| sso-config | Command-line utility for configuring the vCenter Server built-in identity provider. | Refer to the sso-config help by running sso-config.sh -help, or see the VMware knowledge base article at https://kb.vmware.com/s/article/67304 for usage examples. |
| service-control | Command for starting, stopping, and listing services. Run this command to stop services before running other CLI commands. | The service-control command does not require that you specify the path. |

Prerequisites

Enable SSH login to vCenter Server. You can use the Access Settings tab in the vCenter Server Management Interface (https://vcenter_server_ip:5480) for SSH login activation and deactivation.

Procedure

  1. Log in to the vCenter Server shell.
    Usually, you have to be the root or Administrator user. See Required Privileges for Running vSphere CLIs for details.
  2. Access the sso-config utility at the following default location.
    /opt/vmware/bin/sso-config.sh
    The required privileges depend on the task that you want to perform. Sometimes, you are prompted for the password twice to safeguard sensitive information.
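
For custom scripts that call sso-config, the following preflight wrapper is an added example, not VMware code or part of the original procedure. It verifies that the utility at the default location is a root-owned regular file that group and others cannot write before running it, and logs only the option name. The function names, the `SSO_CONFIG` override variable, the `sso-config-wrapper` log tag, the root-only rule, and the availability of `stat -c` and `logger` on the appliance are assumptions.

```shell
#!/bin/bash
# Added example: preflight wrapper for scripted sso-config runs (not VMware code).
SSO_CONFIG="${SSO_CONFIG:-/opt/vmware/bin/sso-config.sh}"  # default location from the procedure

# check_tool PATH [OWNER_UID]  (hypothetical helper)
# Succeeds only if PATH is a regular (non-symlink), executable file owned by
# OWNER_UID (default 0, root) and not writable by group or others.
check_tool() {
    local path="$1" owner="${2:-0}" uid mode
    if [ ! -f "$path" ] || [ -L "$path" ]; then
        echo "not a regular file: $path" >&2; return 1
    fi
    [ -x "$path" ] || { echo "not executable: $path" >&2; return 1; }
    uid=$(stat -c '%u' "$path") || return 1
    mode=$(stat -c '%a' "$path") || return 1
    [ "$uid" = "$owner" ] || { echo "unexpected owner uid $uid: $path" >&2; return 1; }
    # Octal bits 020 (group write) and 002 (other write) must both be clear.
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "writable by group/others ($mode): $path" >&2; return 1; }
}

# run_sso_config OPTION [ARGS...]  (hypothetical helper)
run_sso_config() {
    # Assumption: this wrapper insists on root; the privileges sso-config
    # itself requires depend on the task.
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    check_tool "$SSO_CONFIG" || return 1
    # Log only the option name ($1); later arguments may carry sensitive values.
    logger -t sso-config-wrapper "user=${SUDO_USER:-root} option=$1" 2>/dev/null || true
    "$SSO_CONFIG" "$@"
}

if [ "$#" -gt 0 ]; then
    run_sso_config "$@"
else
    echo "usage: $0 <sso-config option> [args...]   e.g. $0 -help" >&2
fi
```

Let sso-config prompt for passwords interactively rather than passing them as wrapper arguments, so they do not appear in the process list or shell history.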