Managing Users and Groups in VMware Cloud Foundation
You can add users and groups to VMware Cloud Foundation to provide users with access to the SDDC Manager UI as well as the vCenter Server and NSX Manager instances that are deployed in your VMware Cloud Foundation system. Users can log in and perform tasks based on their assigned role.

Before you can add users and groups to VMware Cloud Foundation, you must configure an identity provider that has access to user and group data. VMware Cloud Foundation supports the following identity providers:

- vCenter Single Sign-On is vCenter Server's built-in identity provider. By default, it uses the system domain (for example, vsphere.local) as its identity source. You can add Active Directory over LDAP and OpenLDAP as identity sources for vCenter Single Sign-On.
- You can also use any of the following external identity providers instead of vCenter Single Sign-On:
  - Microsoft ADFS
  - Okta
  - Microsoft Entra ID (formerly known as Azure Active Directory)

Once you have configured an identity provider, you can add users and groups, and assign roles to determine what tasks they can perform from the SDDC Manager UI and VMware Cloud Foundation API.

SDDC Manager only manages users and groups for the management SSO domain. If you created isolated VI workload domains that use different SSO domains, you must use the vSphere Client to manage users and groups for those SSO domains. Use the vSphere Client to connect to the VI workload domain's vCenter Server and then click .

In addition to user accounts, VMware Cloud Foundation includes the following accounts:

- Automation accounts for accessing VMware Cloud Foundation APIs. You can use these accounts in automation scripts.
- Local account for accessing VMware Cloud Foundation APIs when vCenter Server is down.
- Service accounts are automatically created by VMware Cloud Foundation for inter-product interaction. These are for system use only.