Clearpath Insights: Managed Services | Cloud Services | IT Solutions

Configuring vCenter SSO to Use a New AD Identity Source

During the installation of vCenter Single Sign On (SSO), the installer will attempt to detect the Active Directory (AD) domain for the logged-in user and add it as an Identity Source. For the most part, this works fine; however, I’ve run into a couple of instances so far deploying vSphere 5.1 to customers where they either want to add a second AD Identity Source or, for one reason or another (running the installer as the local administrator is a typical case), the installer didn’t properly add a non-System-Domain Identity Source.

To add a new AD Identity Source:


1. Log in to the vCenter Server Web Client as admin@system-domain (password defined during SSO installation).


2. Click Administration in the left-hand pane.


3. Under Sign-On and Discovery, click Configuration. On the Identity Sources tab, click the green + icon to add a new Identity Source.


4. Choose Active Directory as the Identity Source type, then fill in the Identity Source Settings information for your Active Directory domain:

a. Name - Name of the identity source, e.g., domain name
b. Primary Server URL - Primary domain controller
c. Secondary Server URL - Secondary domain controller (optional)
d. Base DN for Users - The base domain name for users (optional)
e. Domain Name - The domain’s DNS name, e.g., domain.tld
f. Domain Alias - The domain’s NetBIOS name, e.g., DOMAIN (optional)
g. Base DN for Groups - The base domain name for groups (optional)
h. Authentication Type - Choose Password
i. User Name - A domain user with minimum read-only rights to the base DN for users and groups
j. Password - The password for the above user


5. Click Test Connection to make sure you have connectivity.


6. Click OK to add the Identity Source.

7. Select the new Active Directory Identity Source, then click the icon for Add to Default Domains. Click OK on the subsequent warning.


8. Click the up arrow to move your Active Directory domain to the top, then click the Save button to save the configuration.


You’ve now added a new Active Directory Identity Source.
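
The values entered in step 4 can be sanity-checked before they go into the dialog. The following is an added example, not part of the original post or of any VMware tooling: the dictionary keys are hypothetical names for the step 4 fields, and it assumes the server URLs take the form ldap://host:port or ldaps://host:port and that the Password authentication type performs an LDAP simple bind.

```python
from urllib.parse import urlparse

def domain_to_rdns(domain):
    """Map an AD DNS name to its default naming context: domain.tld -> dc=domain,dc=tld."""
    return [f"dc={label.lower()}" for label in domain.strip(".").split(".")]

def split_dn(dn):
    """Normalize a DN into lowercase RDNs (simplified: escaped commas are not handled)."""
    return ["=".join(p.strip().lower() for p in rdn.split("=", 1)) for rdn in dn.split(",")]

def check_identity_source(s):
    """Return a list of findings for the step 4 settings; an empty list means no issues found."""
    findings = []
    domain_rdns = domain_to_rdns(s["domain_name"])
    for key in ("primary_url", "secondary_url"):
        url = s.get(key)
        if not url:
            if key == "primary_url":
                findings.append("primary_url: missing")
            continue  # the secondary server is optional
        u = urlparse(url)
        if u.scheme not in ("ldap", "ldaps") or not u.hostname:
            findings.append(f"{key}: expected ldap://host[:port] or ldaps://host[:port]")
        elif u.scheme == "ldap" and s.get("auth_type") == "Password":
            findings.append(f"{key}: ldap:// is unencrypted, a simple bind exposes the bind password")
    for key in ("base_dn_users", "base_dn_groups"):
        dn = s.get(key)  # both base DNs are optional
        if dn and split_dn(dn)[-len(domain_rdns):] != domain_rdns:
            findings.append(f"{key}: not under {','.join(domain_rdns)}")
    return findings

# Constructed sample settings (hypothetical hosts and OUs), weak and corrected.
WEAK = {
    "domain_name": "domain.tld", "auth_type": "Password",
    "primary_url": "ldap://dc01.domain.tld:389",
    "secondary_url": "dc02.domain.tld",
    "base_dn_users": "OU=Staff, DC=domain,DC=tld",
    "base_dn_groups": "OU=Groups,DC=other,DC=tld",
}
FIXED = dict(WEAK, primary_url="ldaps://dc01.domain.tld:636",
             secondary_url="ldaps://dc02.domain.tld:636",
             base_dn_groups="OU=Groups,DC=domain,DC=tld")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, check_identity_source(cfg) or "no findings")
```
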
