VMware vCenter Single Sign-On is an authentication service that implements the brokered authentication architectural pattern. You can configure Orchestrator to connect to a vCenter Single Sign-On instance, running a Platform Services Controller server.

The vCenter Single Sign-On server provides an authentication interface called Security Token Service (STS). Clients send authentication messages to the STS, which checks the user's credentials against one of the identity sources. Upon successful authentication, the STS generates a token.

The Platform Services Controller contains the vCenter Single Sign-On administrative interface, which is part of the vSphere Web Client. To configure vCenter Single Sign-On and manage vCenter Single Sign-On users and groups, you log in to the vSphere Web Client as a user with vCenter Single Sign-On administrator privileges. This might not be the same user as the vCenter Server administrator. You must provide the credentials on the vSphere Web Client login page, and upon authentication, you can access the vCenter Single Sign-On administration tool to create users and assign administrative permissions to other users.

Using the vSphere Web Client, you authenticate to vCenter Single Sign-On by providing your credentials on the vSphere Web Client login page. You can then view all of the vCenter Server instances for which you have permissions. After you connect to vCenter Server, no further authentication is required. The actions that you can perform on objects depend on your vCenter Server permissions on those objects.

For more information about Platform Services Controller, see vSphere Security.

After you configure Orchestrator to authenticate through vCenter Single Sign-On, make sure that you configure it to work with the vCenter Server instances registered with the vSphere Web Client using the same vCenter Single Sign-On instance.

When you log in to the vSphere Web Client, the Orchestrator Web plug-in communicates with the Orchestrator server on behalf of the user profile you used to log in.