To work properly and manage user permissions, Orchestrator requires a method of authentication.

Orchestrator supports the following types of authentication.

LDAP authentication

Orchestrator connects to a working LDAP server.


LDAP authentication is deprecated and will not be supported in future versions.

vRealize Automation authentication

Orchestrator is authenticated through the vRealize Automation component registry.

vSphere authentication

Orchestrator is authenticated through Platform Services Controller.

vCenter Single Sign-On authentication (legacy)

Orchestrator uses vCenter Single Sign-On Server 5.5 as an authentication provider.

When you download, and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured to work with the in-process ApacheDS LDAP directory service that is embedded in the appliance.


If you want to use Orchestrator through the vSphere Web Client for managing vSphere inventory objects, you must configure Orchestrator to work with the same Platform Service Controller to which both vCenter Server and vSphere Web Client are connected.