You can register the Orchestrator server with a vCenter Single Sign-On server by using the Single Sign-On legacy authentication mode in Control Center. Use Single Sign-On legacy authentication only with vCenter Server version 5.5 and its respective update releases starting with Update 2.


Install and configure VMware vCenter Single Sign-On and verify that your vCenter Single Sign-On server is running.


Ensure that the clocks of the Orchestrator server and the vCenter Server Appliance are synchronized. Otherwise you might receive cryptic vCenter Single Sign-On errors.


  1. Log in to Control Center as an administrator.
  2. Click Configure Authentication Provider.
  3. Select SSO (legacy) from the Authentication mode drop-down menu.
  4. In the STS URL text box, enter the URL for the vCenter Single Sign-On token service interface.


  5. In the Admin URL text box, enter the URL for the vCenter Single Sign-On administration service interface.


  6. Click Connect.
  7. Click Accept Certificate.
  8. In the User name and Password text boxes, enter the credentials of the vCenter Single Sign-On administrator.

    The account is temporarily used only for registering or removing Orchestrator as a solution.

  9. Click Register.
  10. In the Default tenant text box, enter the default domain to authenticate a user who logs in without a domain name. The default value is vsphere.local.
  11. In the Admin group text box, enter an administrators group and click Search.
  12. Click Save Changes.

    A message indicates that you saved successfully.


You successfully registered Orchestrator with vCenter Single Sign-On.