You can either assign PingFederate users to a vCenter Server group or assign inventory-level and global permissions to PingFederate users.
The minimum permission required for a PingFederate user to log in is Read-Only.
Prerequisites
Complete the following tasks:
- Create the Scopes
- Create a Common Configuration for PingFederate Workflows
- Create the Password Grant Flow Configuration
- Create the Authorization Code Flow Configuration
- Install the SCIM Provisioner
- Configure vCenter Server Identity Provider Federation for PingFederate
- Create the SCIM Application (SP Connection)
Procedure
- To assign PingFederate users to a group, see Add Members to a vCenter Single Sign-On Group.
- To assign inventory-level and global permissions to PingFederate users, see the topic about managing permissions for vCenter Server components in the vSphere Security documentation.
- After assigning permissions to a PingFederate user, verify that the user can log in.