vSphere – Adding Domain Users/Groups to vCenter

KB ID 0001063

Problem

Note: This article is for vSphere 6, for vSphere 7 and vSphere 8 see the following article.

vCenter Domain Authentication

Despite my best efforts to keep working with the VMware VI client, my recent move to a MAC has finally forced me to start using the web client. So when I rebuilt my vCenter this week, I went out of my way to use that.

Note: If you have your vCenter and Platform Services Controller (PSC) separated, the use the following article instead;

vSphere: Setup Domain Authentication via PSC

Solution

I’m assuming you have a default install of vCenter and you have also installed the SSO options (this would be the default). You should also have taken note of the administrator@vsphere.local password you entered when you installed vCenter.

1. Log into the vCenter with the vSphere Web Client, as administrator@vsphere.local

URL will be https://{IP or Hostname}:9443

Navigate to Administration > Single Sign On > Configuration > Identity Sources > Select your domain and set it as the default domain.

2. Note: If your domain is not listed (you didn’t add it during the install of vCenter for example), then simply add it first.

3. Users and Groups > Groups > Administrators > Add > Change the domain to yours > Locate the user (or group) > Add > OK.

4. Now you need to grant rights, the simplest way is to grant rights at the vCenter level, and then those rights will cascade down to the Datacenter(s), Clusters, Hosts, and Virtual Machines.
Home > vCenter Servers > Select your vCenter > Manage > Permissions > Add.

5. Select the Administrator role > Add > Select your domain > Locate the users and groups you want to ad > Add > OK.

 

Related Articles, References, Credits, or External Links

Add Domain Authentication To The vCenter Server Appliance