SSO identity sources

An identity source is a repository for users and groups that can be used by vCenter SSO for user authentication. This is usually a directory service, such as Active Directory or OpenLDAP. Each identity source is associated with a domain, which enables vCenter SSO to authenticate users against multiple domains.

Here is a list of supported identity sources in vCenter Server 5.5:

Identity source Description  Name in Web  Client
 Active Directory version 2003 and later

 

You can specify a single Active Directory domain as an identity source. The domain can have child domains or be a forest root domain.  Active Directory  (Integrated Windows    Authentication)
 Active Directory over LDAP

 

Included mainly for compatibility with the vCenter Single Sign-On service included with vSphere 5.1.  Active Directory as an    LDAP Server
 OpenLDAP versions 2.4 and later

 

Multiple OpenLDAP identity sources are supported.  OpenLDAP
 Local operating system users Local operating system users are local to the operating system where the vCenter Single Sign-On server is running. This identity source is supported only in basic vCenter Single Sign-On server deployments and is not available in deployments with multiple vCenter Single Sign-On instances. Only one local operating system identity source is allowed.  localos
 vCenter SSO system users This identity source named vsphere.local is created when you install vCenter Single Sign-On.  vsphere.local

 

The default identity source (vshpere.local)

The default identity source called vsphere.local is created when vCenter SSO is installed. This identity source is used when a user logs in without a domain name. The user named administrator is created in this domain and can be used to add identity sources, set the default identity source, change the password and lockout policy and manage users and groups in the vsphere.local domain.

Users who do not belong to the vsphere.local domain must specify their domain name in one of two ways:

1. specifying the domain name prefix, for example, DOMAIN\john
2. including the domain, for example, john@domain.local

Geek University 2022