Integrating Active Directory with VMware vSphere SSO

One item I see mentioned fairly often, either in relation to personal labs or production environments, is the integration of vSphere SSO with Active Directory. Configuring vSphere’s SSO/AD integration via LDAP is a simple process, more so thanks to vSphere 6.5.

1. Log in to the VMware vSphere Web Client using the vCenter Single Sign-On user credentials configured as part of the VMware vCenter Server installation.


2. Browse to Administration > Single Sign-On > Configuration and click the Identity Services tab.


3. Click the Add Identity Source icon, select Active Directory as an LDAP Server, and click Next.


4. Configure the new identity source accordingly and click Next.


5. Confirm the summary and click Finish.


6. Select your new identity source and click the Set as Default Domain icon.


Next, we’ll add an Active Directory Security Group to the vSphere Global Permissions, enabling us to test SSO functionality.

7. Browse to Administration > Access Control > Global Permissions, and click the Add Permission icon.


8. Via the Add Permission wizard, click Add.


9. Select your domain, recently added via the LDAP identity source, and add the required security group.


10. Your added security group will now display, allowing you to log out and back in utilising your domain credentials.
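
The values entered in step 4 decide where vCenter sends its LDAP bind, so it is worth linting them before typing them into the wizard. The script below is an added example, not part of the original post or of any VMware tooling: the dictionary keys are hypothetical names for the wizard's fields, the sample values are constructed, and the claim about ldap:// assumes a simple bind without StartTLS.

```python
from urllib.parse import urlparse

# Constructed sample values; the keys are hypothetical names for the wizard's fields.
SAMPLE = {
    "domain_name": "lab.example.com",
    "base_dn_users": "CN=Users,DC=lab,DC=example,DC=com",
    "base_dn_groups": "OU=Groups,DC=lab,DC=example,DC=com",
    "primary_url": "ldap://dc01.lab.example.com:389",
}

def domain_to_dn(domain):
    """lab.example.com -> dc=lab,dc=example,dc=com (lower-cased for comparison)."""
    return ",".join("dc=" + label for label in domain.lower().split("."))

def normalise_dn(dn):
    """Lower-case each RDN and trim spaces (escaped commas are not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_identity_source(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    domain = cfg["domain_name"].lower()
    suffix = domain_to_dn(domain)
    # Both search bases should sit inside the domain being added.
    for key in ("base_dn_users", "base_dn_groups"):
        dn = normalise_dn(cfg[key])
        if dn != suffix and not dn.endswith("," + suffix):
            findings.append(f"{key}: not under {suffix}")
    url = urlparse(cfg["primary_url"])
    host = (url.hostname or "").lower()
    if url.scheme not in ("ldap", "ldaps"):
        findings.append("primary_url: scheme must be ldap or ldaps")
    elif url.scheme == "ldap":
        # Assumption: simple bind, no StartTLS, so the password crosses in clear.
        findings.append("primary_url: ldap:// bind is unencrypted; prefer ldaps://")
    if not host:
        findings.append("primary_url: missing host")
    elif host != domain and not host.endswith("." + domain):
        findings.append("primary_url: host is outside the domain; confirm it is a DC")
    return findings

if __name__ == "__main__":
    for finding in check_identity_source(SAMPLE):
        print("FLAG", finding)
```

Run against the sample, it flags only the cleartext ldap:// URL; switching the URL to ldaps:// on port 636 clears it.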