As a vSphere administrator, you can enable guest OS access on certain Single Sign-On (SSO) accounts.

Enabling SSO accounts to log in to a guest OS gives users additional capabilities to perform administrative tasks on guest virtual machines, such as installing or upgrading VMware Tools or configuring apps.

This functionality allows vSphere administrators to configure a guest operating system to use VGAuth authentication. The vSphere administrator must know the guest administrator password for the enrollment process.

To give SSO users guest access, you must enroll them to accounts in the guest operating systems. The enrollment process maps a vSphere user to a particular account in the guest by using SSO certificates. Subsequent guest management requests use an SSO SAML token to log in to the guest.

You must configure VMs to accept X.509 certificates. X.509 certificates allow the vSphere administrators in your data center to use SAML tokens issued by the Single Sign-On service to access guest OSs.

View Existing SSO User Mappings

You can view the existing guest user mappings for guest operating systems on the selected virtual machine. You must log in with your guest OS credentials to view guest mappings.

Procedure

  1. Navigate to the virtual machine and click the Configure tab.
  2. Click the Guest User Mappings tab.
  3. To log in to your guest OS account, enter your user name and password, and click Log In.
    The existing in-guest user mappings are displayed.

Add SSO Users to Guest Operating Systems

You can map a new SSO user to a guest user account by creating a user map. Mappings can be established for any type of SSO user, for example, solution users and users.

Prerequisites

Power on the virtual machine.

Procedure

  1. Navigate to the virtual machine and click the Configure tab.
  2. Click the Guest User Mappings tab.
  3. Enter your user name and password and click Log In.
  4. In the Guest User Mappings pane, click the Add button.
    The Add New User Mapping dialog box opens.
  5. From the list of SSO users, select the SSO user that you want to map to a guest account.
  6. Specify a guest OS user name and click OK.
    The SSO user is mapped to a guest user account. A new guest user account is added to the list of Guest User Mappings.

Remove SSO Users from Guest Operating Systems

You can remove an existing SSO account from guest user mappings.

Prerequisites

Power on your virtual machine.

Procedure

  1. Navigate to a virtual machine and click the Configure tab.
  2. Click Guest User Mappings, enter your user name and password, and click Log In.
  3. In the Guest User Mappings pane, select from the list the SSO user that you want to remove.
  4. Click the Remove button.
  5. Click Yes to confirm.
    The mapping between the selected SSO user account and guest OS account is removed.