To work properly and manage user permissions, Orchestrator requires a method of authentication.

Orchestrator supports the following types of authentication.

LDAP authentication

Orchestrator connects to a working LDAP server.


LDAP authentication is deprecated and will not be supported in future versions.

vRealize Automation authentication

Orchestrator is authenticated through the vRealize Automation component registry.

vSphere authentication

Orchestrator is authenticated through Platform Services Controller.

vCenter Single Sign-On authentication (legacy)

Use this authentication mode only if the required authentication provider is vCenter Single Sign-On 5.5.

When you download, and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured to work with the in-process ApacheDS LDAP directory service that is embedded in the appliance. However, if you have already configured Orchestrator to authenticate through vRealize Automation, vSphere, or SSO (legacy), the LDAP option no longer appears in the Authentication mode drop-down menu.


If you want to use Orchestrator through the vSphere Web Client for managing vSphere inventory objects, you must configure Orchestrator to work with the same Platform Service Controller to which both vCenter Server and vSphere Web Client are connected.