Orchestrator requires an authentication method to work properly and manage user permissions.

Orchestrator supports the following types of authentication.

LDAP authentication

Orchestrator connects to a working LDAP server.


LDAP authentication is deprecated.

vCenter Single Sign-On authentication

Orchestrator authenticates through vCenter Single Sign-On.

vRealize Automation authentication

Orchestrator authenticates through the vRealize Automation component registry.

Depending on the type of installation, Orchestrator is preconfigured to work with either an embedded LDAP server or OpenLDAP.

  • When you install Orchestrator standalone, the Orchestrator server is preconfigured to work with an embedded LDAP server.

  • When you download and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured to work with the OpenLDAP directory service embedded in the appliance.


If you want to use Orchestrator through the vSphere Web Client for managing vSphere inventory objects, you must configure Orchestrator to work with the same vCenter Single Sign-On instance to which both vCenter Server and vSphere Web Client are pointing.