Security Best Practices for Securing VMware NSX

You must follow multiple best practices at all times when you operate your NSX environment.
NSX

Best practice: Use roles and privileges in NSX Manager to limit user privileges.
Configuration ID: VMW-NSX-01410
Description: Users and service accounts must be assigned the required privileges only.
You can create a new role with reduced permissions. Navigate to System > Settings > User Management > Roles. Click Add role, provide a name, the required permissions, and click Save.
You can reduce permissions to an existing role. Navigate to System > Settings > User Management > User role assignment. Click the vertical ellipsis next to the target user or group, select Edit, remove the existing role, select the new role, and click Save.

Best practice: Integrate VMware Identity Manager (vIDM) or OpenID Connect (which supports multi-factor authentication) with NSX.
Configuration ID: VMW-NSX-01415
Description: Use vIDM or OpenID Connect to meet requirements for authentication, authorization, and access control.

Best practice: NSX Manager must obtain its public key certificates from an approved certificate authority.
Configuration ID: VMW-NSX-01466
Description: For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.
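
The least-privilege requirement in VMW-NSX-01410 can be reviewed periodically by comparing the roles each account holds with the roles it was approved to hold. The following Python is an added example, not VMware code: the binding records, their field names ("name", "type", "roles"), the account names, the role names and the approved-role policy are all constructed assumptions.

```python
import json

# Constructed sample of user role assignments (not real export data).
# Field names and role names are assumptions made for this example.
SAMPLE_BINDINGS = json.loads("""
[
  {"name": "admin", "type": "local_user", "roles": ["enterprise_admin"]},
  {"name": "svc-backup@corp.example", "type": "remote_user", "roles": ["enterprise_admin"]},
  {"name": "NetOps@corp.example", "type": "remote_group", "roles": ["network_engineer"]},
  {"name": "svc-monitor@corp.example", "type": "remote_user", "roles": ["auditor", "network_engineer"]},
  {"name": "helpdesk@corp.example", "type": "remote_group", "roles": []}
]
""")

# Hypothetical policy: roles each account is approved to hold.
# "backup_operator" stands for a custom role created with reduced permissions.
APPROVED = {
    "admin": {"enterprise_admin"},
    "svc-backup@corp.example": {"backup_operator"},
    "netops@corp.example": {"network_engineer"},
    "svc-monitor@corp.example": {"auditor"},
}


def audit_bindings(bindings, approved):
    """Return (account, finding, roles) tuples for assignments that break policy.

    "unlisted": the account has an assignment but no approval record.
    "excess":   the account holds roles beyond those approved for it.
    """
    findings = []
    for binding in bindings:
        account = binding["name"].lower()  # compare account names case-insensitively
        held = set(binding.get("roles", []))
        if account not in approved:
            findings.append((account, "unlisted", sorted(held)))
            continue
        excess = held - approved[account]
        if excess:
            findings.append((account, "excess", sorted(excess)))
    return findings


if __name__ == "__main__":
    for account, finding, roles in audit_bindings(SAMPLE_BINDINGS, APPROVED):
        print(f"{finding:9} {account:28} {', '.join(roles) or '(no roles)'}")
```

Each "excess" finding is a candidate for the role edit procedure described under VMW-NSX-01410; each "unlisted" finding needs either an approval record or removal of the assignment.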