This topic gives you an overview of Single Sign‑On for VMware Tanzu.
Single Sign‑On is an all-in-one solution for securing access to apps and APIs on Tanzu Platform for Cloud Foundry. Single Sign‑On provides support for native authentication, federated single sign-on, and authorization. Operators can configure native authentication and federated single sign-on, for example SAML, to verify the identities of application users. After authentication, Single Sign‑On uses OAuth 2.0 to secure resources or APIs.
Tanzu Application Service is now called Tanzu Platform for Cloud Foundry. The current version of Tanzu Platform for Cloud Foundry is 10.0.
About Single Sign‑On
Single Sign‑On enables users to log in through a single sign-on service and access other apps that are hosted or protected by the service. This improves security and productivity by removing the need for users to log in to individual apps.
Developers are responsible for selecting the authentication method for application users. They can select native authentication provided by the User Account and Authentication (UAA) or external identity providers. UAA is an open source identity server project under the Cloud Foundry (CF) foundation that provides identity based security for apps and APIs.
Single Sign‑On supports service provider-initiated authentication flow and single logout. It does not support identity provider-initiated authentication flow. All Single Sign‑On communication takes place over SSL.
OAuth 2.0 Authorization
After authentication, Single Sign‑On uses OAuth 2.0 for authorization. OAuth 2.0 is an authorization framework that delegates access to apps to access resources on behalf of a resource owner.
Developers define resources required by an application bound to a Single Sign‑On service instance and administrators grant resource permissions. See the Configuring Applications topic for more details.
Product Snapshot
The following table provides version and version-support information about Single Sign‑On:
| Element | Details |
|---|---|
| Version | 1.16.8 |
| Release Date | Feb 24, 2025 |
| Compatible Tanzu Operations Manager versions | 3.0 |
| Compatible Tanzu Application Service versions | 6.0, 4.0 |
| Compatible Tanzu Platform for Cloud Foundry versions | 10.x |
| IaaS support | AWS, GCP, OpenStack, Azure, and vSphere |
Single Sign‑On for VMware Tanzu is compatible with Tanzu Operations Manager from release 2.10, and Tanzu Application Service from release 2.11. Only supported versions of the apps are shown in the table.
Integration Guides
Use these guides to help you plan and implement your integration with Single Sign‑On.
- Active Directory Federation Services (AD FS) Integration Guide
- Microsoft Entra ID SAML Integration Guide
- Microsoft Entra ID OIDC Integration Guide
- Layer7 SiteMinder Integration Guide
- Google Cloud Platform OpenID Connect Integration Guide
- Okta Integration Guide
- PingFederate Integration Guide
- PingOne Cloud Integration Guide
- Plan-to-Plan OIDC Integration Guide
Content feedback and comments