Authenticating Through
and vCenter Single Sign-On

For all
hosts that are managed by a
system that is integrated with vCenter Single Sign-On 6.0 and later, you can authenticate directly to the
system, or you can authorize to
through vCenter Single Sign-On.
The best practice is to authenticate through vCenter Single Sign-On. The vCenter Single Sign-On service is included in the Platform Services Controller. The Platform Services Controller can be embedded in your
installation, or one Platform Services Controller can handle authentication, certificate management, and some other tasks for multiple
systems.
You cannot use this approach if
is integrated with vCenter Single Sign-On 5.0.
You use the
--psc
option and, optionally, the
--server
option.
  • psc
    - Specifies the Platform Services Controller instance associated with the
    system that manages the host.
  • server
    - Specifies the
    system that manages the host. Required if the Platform Services Controller instance is associated with more than one
    system.
  • vihost
    - Specifies the
    host, as in earlier versions of vCLI.

Examples

vicfg-nics -l --username <sso_username> --password "<admin_pwd>" --server <vc_HOSTNAME_OR_IP> --psc <psc_HOSTNAME_OR_IP> --vihost <esxi_HOSTNAME_OR_IP>
esxcli --server vc_HOSTNAME_OR_IP> --vihost <esxi_HOSTNAME_OR_IP> --username USERNAME> --password <PASSWORD> --psc <psc_HOSTNAME_OR_IP> hardware clock get
If the specified user is known to vCenter Single Sign-On, a session is created. You can save the session with the
--savesessionfile
argument, and later use that session with the
--sessionfile
argument. For example, you can save the session by running the following command.
vicfg-nics -l --username sso_username> --password "<admin_pwd>" --server vc_HOSTNAME_OR_IP> --psc <psc_HOSTNAME_OR_IP> --vihost <esxi_HOSTNAME_OR_IP>
Using a session file results in less overhead and better performance than connecting to the Platform Services Controller repeatedly.