Thursday, July 30, 2020

vSphere 7 and ADFS

How To Configure vSphere + ADFS

vSphere 7 introduces support for Active Directory Federation Services (ADFS) as an external identity provider.
The idea is that users are authenticated by ADFS and NOT by SSO.

Prerequisites:

ADFS for Windows Server 2016R2
ADFS connected to Active Directory
An Application Group for vCenter Server created in ADFS
An ADFS server certificate signed by a Trusted CA

1. Configure the Active Directory Federation provider by clicking on Configuration under SSO.


2. Select the option "Change Identity Provider"


3. Configure the ADFS settings


4. Provide the Base distinguished name for users and groups plus the Primary URL. Make sure to scroll down and NOT miss the SSL Certificate section. 


5. Click on Finish.


6. Verify the settings and click on Finish.


7. Add permissions for the ADFS administrator account. Bind it to the Admin role.


8. Log into vSphere as the domain user and notice how you are redirected to your corporate page.
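
A pre-flight check for the certificate prerequisite above, as an added example that is not part of the original post: it confirms the ADFS endpoint presents a certificate that chains to a trusted CA and matches its host name, then reads the ADFS OpenID discovery document that vCenter's ADFS federation relies on. The function name, the host name adfs.example.com and the 30-day threshold are assumptions, and the result reflects the trust store of the machine that runs it.

```powershell
# Added example (not from the original post).
# Function name, host name and threshold are hypothetical placeholders.
function Test-AdfsForVCenter {
    param(
        [Parameter(Mandatory)][string]$AdfsHost,   # e.g. adfs.example.com (placeholder)
        [int]$MinDaysValid = 30                    # assumed renewal threshold
    )
    $result = [ordered]@{
        Host = $AdfsHost; TrustedChain = $false; Subject = $null; NotAfter = $null
        DaysLeft = $null; Issuer = $null; TokenEndpoint = $null; Problems = @()
    }
    $ssl = $null
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($AdfsHost, 443)
        # No custom validation callback: the default policy rejects untrusted
        # chains and host name mismatches, exactly as a strict client would.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($AdfsHost)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $result.TrustedChain = $true
        $result.Subject  = $cert.Subject
        $result.NotAfter = $cert.NotAfter
        $result.DaysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        if ($result.DaysLeft -lt $MinDaysValid) {
            $result.Problems += "Certificate expires in $($result.DaysLeft) days"
        }
    } catch {
        $result.Problems += "TLS check failed: $($_.Exception.Message)"
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }
    if ($result.TrustedChain) {
        try {
            # Standard AD FS OpenID Connect discovery document.
            $oidc = Invoke-RestMethod -Uri "https://$AdfsHost/adfs/.well-known/openid-configuration"
            $result.Issuer        = $oidc.issuer
            $result.TokenEndpoint = $oidc.token_endpoint
        } catch {
            $result.Problems += "OpenID discovery failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$result
}

Test-AdfsForVCenter -AdfsHost 'adfs.example.com' | Format-List
```

An empty Problems list with TrustedChain set to True means the certificate prerequisite holds from that machine; vCenter Server must trust the same CA chain for the wizard to succeed.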