You register the Orchestrator server with a vCenter Single Sign-On server by using the vSphere Authentication mode. Use vCenter Single Sign-On authentication with vCenter Server 6.0 and later.


  • Download and deploy a vRealize Orchestrator 7.3 Appliance. See Download and Deploy the Orchestrator Appliance.

  • Install and configure vCenter Server with vCenter Single Sign-On server is running. For information, see the vSphere documentation.

If you plan to create a cluster:

  • Set up a load balancer to distribute traffic among multiple instances of vRealize Orchestrator. For more information, see vRealize Orchestrator Load Balancing.

  • Set up the external database that you plan to use as a shared database, so that it can accept connections from the different Orchestrator instances.


  1. Access Control Center to start the configuration wizard.
    1. Navigate to https://your_orchestrator_server_IP_or_DNS_name:8283/vco-controlcenter.
    2. Log in as root with the password you entered during OVA deployment.
  2. Select the Standalone Orchestrator deployment type.

    By selecting this type, you configure a single Orchestrator node or the first Orchestrator node of a cluster.

  3. Click CHANGE to configure the host name on which Control Center will be accessible.

    If you are about to configure an Orchestrator cluster, enter the host name of the load balancer virtual server.

  4. Configure the authentication provider.
    1. On the Configure Authentication Provider page, select vSphere from the Authentication mode drop-down menu.
    2. In the Host address text box, enter the fully qualified domain name or IP address of the Platform Services Controller instance that contains the vCenter Single Sign-On and click CONNECT.

      If you use an external Platform Services Controller or multiple Platform Services Controller instances behind a load balancer, you must import to Orchestrator manually the certificates of all Platform Services Controllers that share the same vCenter Single Sign-On domain.

    3. Click Accept Certificate.
    4. In the User name and Password text boxes, enter the credentials of the local administrator account for the vCenter Single Sign-On domain.

      By default, this account is administrator@vsphere.local .


      The name of the default tenant is preconfigured.

    5. In the Admin group text box, enter the name of an administrators group and click SEARCH.

      For example,vsphere.local\Administrators

    6. In the list of groups, double click on the name of the group to select it.
    1. Click SAVE CHANGES.

      A message indicates that you saved successfully and you are redirected to the Control Center main view.

  5. (Optional) Configure the Orchestrator node to use an external shared database. For more information, see Configure the Database Connection
  6. Click the settings icon at the upper right corner of the Control Center home page and click Sign out.

    You log out the root account from Control Center.


    The root account can no longer access Control Center.


    You are redirected to the vCenter Single Sign-On login screen.


    If you use a load balancer server, Control Center is accessible only through the load balancer virtual server address.

  8. Log in to Control Center with a member of the Admin group that you configured in Step e, by default administrator@vsphere.local.

    You see the Role Based Access Management menu option in Control Center.


You have successfully completed the Control Center configuration.

What to do next

  • Verify that CIS is the configured license provider at the Licensing page.

  • Verify that the node is configured properly at the Validate Configuration page.