VMware Aria Operations 8.17.1

8.18 8.17.1 8.16 8.14 8.12
简体中文 Deutsch Español Français 日本語 한국어 繁體中文 English

Configure a Single Sign-On Source in
VMware Aria Operations

As a system administrator or virtual infrastructure administrator, you use single sign-on to activate SSO users to log in securely to your
VMware Aria Operations
 environment.
  • Verify that the server system time of the single sign-on source and
    VMware Aria Operations
     are synchronized. If you need to configure the Network Time Protocol (NTP), see VMware Aria Operations Cluster and Node Maintenance.
  • Verify that the server system time of the single sign-on source and
    VMware Aria Operations
     are synchronized. If you need to configure the Network Time Protocol (NTP), see information about cluster and node maintenance in the
    VMware Aria Operations
     Getting Started Guide
    .
  • Verify that you have access to a Platform Services Controller through the
    vCenter Server
    . See the VMware vSphere Information Center for more details.
After the single sign-on source is configured, users are redirected to an SSO identity source for authentication. When logged in, users can access other vSphere components such as the
vCenter Server
 without having to log in again.
  1. Log in to
    VMware Aria Operations
     as an administrator.
  2. From the left menu, click
    Administration
    , and then click the
    Authentication Sources
     tile.
  3. Click
    Add
    .
  4. In the Add Source for User and Group Import dialog box, provide information for the single sign-on source.
    Option
    Action
    Source Display Name
    Type a name for the import source.
    Source Type
    Verify that SSO SAML is displayed.
    Host
    Enter the IP address or FQDN of the host machine where the single sign-on server resides. If you enter the FQDN of the host machine, verify that every node in the
    VMware Aria Operations
     cluster can resolve the single sign-on host FQDN.
    Port
    Set the port to the single sign-on server listening port. By default, the port is set to 443.
    User Name
    Enter the user name that can log into the SSO server.
    Password
    Enter the password.
    Grant administrator role to
    vRealize Operations Manager
     for future configuration?
    Select
    Yes
     so that the SSO source is reregistered automatically if you make changes to the
    VMware Aria Operations
     setup. If you select
    No
    , and the
    VMware Aria Operations
     setup is changed, single sign-on users will not be able to log in until you manually reregister the single sign-on source.
    Automatically redirect to vRealize Operations single sign-on URL?
    Select
    Yes
     to direct users to the vCenter single-sign on log in page. If you select
    No
    , users are not redirected to SSO for authentication.
    Import single sign-on user groups after adding the current source?
    Select
    Yes
     so that the wizard directs you to the Import User Groups page when you have completed the SSO source setup. If you want to import user accounts, or user groups at a later stage, select
    No
    .
    Advanced options
    If your environment uses a load balancer, enter the IP address of the load balancer.
  5. Click
    Test
     to test the source connection, and then click
    OK.
    The certificate details are displayed.
  6. Select the
    Accept this Certificate
     check box, and click
    OK
    .
  7. In the Import User Groups dialog box, import user accounts from an SSO server on another machine.
    Option
    Action
    Import From
    Select the single sign-on server you specified when you configured the single sign-on source.
    Domain Name
    Select the domain name from which you want to import user groups. If Active Directory is configured as the LDAP source in the PSC, you can only import universal groups and domain local groups if the
    vCenter Server
     resides in the same domain.
    Result Limit
    Enter the number of results that are displayed when the search is conducted.
    Search Prefix
    Enter a prefix to use when searching for user groups.
  8. In the list of user groups displayed, select at least one user group, and click
    Next
    .
  9. In the Roles and Objects pane, select a role from the
    Select Role
     drop-down menu, and select the
    Assign this role to the group
     check box.
  10. Select the objects users of the group can access when holding this role.
    To assign permissions so that users can access all the objects in
    VMware Aria Operations
    , select the
    Allow access to all objects in the system
     check box.
  11. Click
    OK.
  12. Familiarize yourself with single-sign on and confirm that you have configured the single sign-on source correctly.
    1. Log out of
      VMware Aria Operations
      .
    2. Log in to the
      vSphere Web Client
       as one of the users in the user group you imported from the single sign-on server.
    3. In a new browser tab, enter the IP address of your
      VMware Aria Operations
       environment.
    4. If the single sign-on server is configured correctly, you are logged in to
      VMware Aria Operations
       without having to enter your user credentials.

Content feedback and comments