Now that a Platform Services Controller and vCenter Server are installed, it's time to configure single sign-on sources for our SSO domain.
SSO, or Single Sign-On, was introduced in vSphere 5.1 and provides a more secure way of authenticating into the vSphere environment. SSO can now connect to multiple authentication domains, such as Active Directory, and exchanges authentication for tokens, which are then used to access multiple vSphere services.
In our lab, we will configure SSO to use Active Directory as a source. First, log in to the vSphere Web Client, and choose Administrator from the tree on the left. Then, choose Configuration, and finally the Identity Sources tab.
Next, click the green Plus to add a new identity source. There are 4 types of sources we can add:
- Active Directory (Integrated Windows Authentication)
- Active Directory as an LDAP Server
- Open LDAP
- Local OS
Since our Windows-based vCenter Server is joined to the domain, we will use the first option. This option can also be used for the VCSA, as it can be joined to a domain as well.
Now, Active Directory (and by default the Local OS) are added as identity sources.
On the Policies tab, there are options to set rules and restrictions for our SSO accounts. The password policy has settings to enforce a specific set of rules for complex passwords, and the lockout policy is, obviously, a set of rules for locking out accounts after failed login attempts.