You can federate your vCenter Server to an external identity provider through VMware Identity Broker - vCenter Server. It is a built-in container within vCenter Server that enables federation to an external identity provider such as Okta or Azure AD.
What Is VMware Identity Broker - vCenter Server
VMware Identity Broker - vCenter Server is VMware's specialized authentication solution that allows you to federate your apps to external identity providers such as Okta or Azure AD. It runs as a container built into your vCenter Server and comes with its own API interface that is separate from the vSphere Automation API and the vSphere Web Services API.
The following external identity providers are supported:
- Okta (starting in vSphere 8.0 Update 1)
- Azure AD (starting in vSphere 8.0 Update 2)
Configure vCenter Server Identity Provider Federation to Okta or Azure AD
To configure your vCenter Server to point to Okta or Azure AD as the identity provider, you must use the Okta or Azure AD interface and the vSphere Client. This integration uses VMware Identity Broker - vCenter Server. For more information, see Configure vCenter Server Identity Provider Federation for Okta and Configure vCenter Server Identity Provider Federation for Azure AD in the vSphere Authentication Guide.
OAuth Authentication to Your Federated vCenter Server, App, or Script
Once configured, you can use the vSphere Automation and the VMware Identity Broker - vCenter Server APIs to authenticate to your federated vCenter Server, application, or script.
You can use the following OAuth 2.0 grant types:
- Password (not recommended)
- Authorization Code
- Client Credentials
- Refresh Token
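As an added example, not code from VMware's documentation or product, here is a small client-side helper for the token flow: it builds the form fields for the grant types listed above, rejects the not-recommended Password grant, and renews a cached access token with the Refresh Token grant shortly before it expires. The token endpoint URL, client id and secret are placeholders, and the token reply is a constructed sample; take the real endpoint from your VMware Identity Broker - vCenter Server configuration.

```python
import json
import urllib.parse
import urllib.request

# Assumed placeholder endpoint: take the real value from your VMware Identity Broker configuration.
TOKEN_ENDPOINT = "https://vcenter.example.invalid/TOKEN-ENDPOINT-PLACEHOLDER"
SUPPORTED_GRANTS = {"authorization_code", "client_credentials", "refresh_token"}  # no "password"
# Constructed sample token reply in the usual OAuth 2.0 JSON shape (not captured from a real broker).
SAMPLE_RESPONSE = '{"access_token":"at1","refresh_token":"rt1","expires_in":300,"token_type":"Bearer"}'

def is_supported_grant(grant_type):
    return grant_type in SUPPORTED_GRANTS

def build_token_request(grant_type, client_id, client_secret=None, **params):
    """Form fields for an OAuth 2.0 token request; the not-recommended password grant is rejected."""
    if not is_supported_grant(grant_type):
        raise ValueError(f"grant_type {grant_type!r} is not supported here")
    fields = {"grant_type": grant_type, "client_id": client_id, **params}
    if client_secret is not None:
        fields["client_secret"] = client_secret
    return fields

def parse_token_response(raw, now):
    """Turn the JSON token reply into a cached token with an absolute expiry time."""
    data = json.loads(raw)
    if "access_token" not in data:
        raise ValueError(data.get("error", "malformed token response"))
    return {"access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),
            "expires_at": now + int(data.get("expires_in", 0))}

def next_request(token, client_id, client_secret, now, skew=30):
    """Fields for the renewal request once the token is within `skew` seconds of expiry, else None."""
    if now + skew < token["expires_at"]:
        return None
    if token.get("refresh_token"):
        return build_token_request("refresh_token", client_id, client_secret,
                                   refresh_token=token["refresh_token"])
    # No refresh token was issued (typical for client_credentials): request a fresh token instead.
    return build_token_request("client_credentials", client_id, client_secret)

def post_token_request(fields):
    """POST the form to the token endpoint and return the raw JSON reply (this one hits the network)."""
    req = urllib.request.Request(TOKEN_ENDPOINT, method="POST", data=urllib.parse.urlencode(fields).encode(),
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()

def bearer_header(token):
    return {"Authorization": "Bearer " + token["access_token"]}  # presented to the vSphere Automation API
```

Only `post_token_request` needs network access; the other functions run offline against the constructed sample reply.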