VMware VS4-ENT-PL-A Setup Guide - Page 58
Identity Sources for vCenter Server with vCenter Single Sign-On, Types of Identity Sources - client windows
![]() |
View all VMware VS4-ENT-PL-A manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 58 highlights
vSphere Installation and Setup Identity Sources for vCenter Server with vCenter Single Sign-On Identity sources allow you to attach one or more domains to vCenter Single Sign-On. A domain is a repository for users and groups that the vCenter Single Sign-On server can use for user authentication. An identity source is a collection of user and group data. The user and group data is stored in Active Directory, OpenLDAP, or locally to the operating system of the machine where vCenter Single Sign-On is installed. Upon installation, every instance of vCenter Single Sign-On has the Local OS identity source identity source vpshere.local. This identity source is internal to vCenter Single Sign-On. A vCenter Single Sign-On administrator user can create vCenter Single Sign-On users and groups. Types of Identity Sources vCenter Server versions earlier than version 5.1 supported Active Directory and local operating system users as user repositories. As a result, local operating system users could always authenticate to the vCenter Server system. vCenter Server version 5.1 and version 5.5 uses vCenter Single Sign-On for authentication. See the vSphere 5.1 documentation for a list of supported identity sources with vCenter Single Sign-On 5.1. vCenter Single Sign-On 5.5 supports the following types of user repositories as identity sources, but supports only one default identity source. n Active Directory versions 2003 and later. vCenter Single Sign-On allows you to specify a single Active Directory domain as an identity source. The domain can have child domains or be a forest root domain. Shown as Active Directory (Integrated Windows Authentication) in the vSphere Web Client. n Active Directory over LDAP. vCenter Single Sign-On supports multiple Active Directory over LDAP identity sources. This identity source type is included for compatibility with the vCenter Single Sign-On service included with vSphere 5.1. Shown as Active Directory as an LDAP Server in the vSphere Web Client. n OpenLDAP versions 2.4 and later. vCenter Single Sign-On supports multiple OpenLDAP identity sources. Shown as OpenLDAP in the vSphere Web Client. n Local operating system users. Local operating system users are local to the operating system where the vCenter Single Sign-On server is running. The local operating system identity source exists only in basic vCenter Single Sign-On server deployments and is not available in deployments with multiple vCenter Single Sign-On instances. Only one local operating system identity source is allowed. Shown as localos in the vSphere Web Client. n vCenter Single Sign-On system users. Exactly one system identity source named vsphere.local is created when you install vCenter Single Sign-On. Shown as vsphere.local in the vSphere Web Client. NOTE At any time, only one default domain exists. If a user from a non-default domain logs in, that user must add the domain name (DOMAIN\user) to authenticate successfully. vCenter Single Sign-On identity sources are managed by vCenter Single Sign-On administrator users. You can add identity sources to a vCenter Single Sign-On server instance. Remote identity sources are limited to Active Directory and OpenLDAP server implementations. For more information about vCenter Single Sign-On, see vSphere Security. Login Behavior When a user logs in to a vCenter Server system from the vSphere Web Client, the login behavior depends on whether the user is in the default domain. n Users who are in the default domain can log in with their user name and password. 58 VMware, Inc.
![](/manual_guide/products/vmware-vs4entpla-setup-guide-9cc0699/58.png)