With vSphere 5.5, the vCenter Single Sign On (SSO) component was completely rewritten from the ground up. As you’d expect with such a re-write, the configuration is slightly different than in vSphere 5.1.
1. Log in to the vSphere Web Client as administrator@vsphere.local (as opposed to admin@system-domain in vCenter SSO 5.1). By default, it will be the only user with vCenter SSO administrator rights.
2. Click on Administration in the left-hand menu.
3. Before we add any new administrator users, let’s get vCenter SSO tied in to our local LDAP. In my lab, that’s Active Directory. Click Configuration under Single Sign-On.
4. Click on Identity Sources.
5. Click the green + to add a new Identity Source.
6. VMware has managed to simplify the addition of an Active Directory domain as an Identity Source by using the machine account of the vCenter SSO machine to authenticate (and it works great!).
Alternatively, you can use a Service Principal Name (SPN) and credentials to connect if that’s a requirement. You can also fill in LDAP information for your Active Directory as in vSphere SSO 5.1 (which is the same layout as OpenLDAP).
We also have the option to add Local OS (the Windows host machine that vCenter SSO is installed on, which may be separate from vCenter Server itself) as an Identity Source.
7. Once you’ve added your new Identity Source, add it as the default domain.
8. Now, let’s go to Users and Groups.
9. Click Groups (1), then click on the Administrators group (2).
10. Click Add Member under Group Members.
11. Choose the appropriate domain (1) and user (2), click Add (3), then OK (4).
12. Now, you should see the newly added member of the Administrators group.
13. Now, as we log in with the newly added vCenter SSO administrator…
We are able to configure vCenter SSO without any issue.