VMware Identity Broker - vCenter Server Workflows
Last Updated December 16, 2024

You can federate your vCenter Server to an external identity provider through VMware Identity Broker - vCenter Server. It is a built-in container within vCenter Server that enables federation to an external identity provider such as Okta or Azure AD.

What Is VMware Identity Broker - vCenter Server

VMware Identity Broker - vCenter Server is VMware's specialized authentication solution that allows you to federate your apps to external identity providers such as Okta or Azure AD. VMware Identity Broker - vCenter Server functions as a built-in container within your vCenter Server. VMware Identity Broker - vCenter Server comes with its own that is separate from the vSphere Automation API and the vSphere Web Services API.
You can use VMware Identity Broker - vCenter Server to federate to:
  • Okta (starting in vSphere 8.0 Update 1)
  • Azure AD (starting in vSphere 8.0 Update 2)

Configure vCenter Server Identity Provider Federation to Okta or Azure AD

To configure your vCenter Server to point to Okta or Azure AD as the identity provider, you must use the Okta or Azure AD interface and the vSphere Client. This integration uses VMware Identity Broker - vCenter Server. For more information, see and from the vSphere Authentication Guide.

OAuth Authentication to Your Federated vCenter Server, App, or Script

Once configured, you can use the vSphere Automation and the VMware Identity Broker - vCenter Server APIs to authenticate to your federated vCenter Server, application, or script.
You can use the following OAuth 2.0 grant types:
  • Password (not recommended)
  • Authorization Code
  • Client Credentials
  • Refresh Token