Sunday, 29 November 2015

Adding Active Directory User To VCSA

Written by Suhas Savkoor



So, I have got my new vCenter Server Appliance 5.5 set up, and now I want a domain user to be able to log in to vCenter and manage the environment.

Here my domain is "vcloud.local" and I have created a user, Suhas2, under this domain. Now I want Suhas2 to be able to log in to the vCenter Appliance with full Administrator permissions and perform all vCenter tasks.



1. First, I will make sure that my vCenter Appliance is running and make a note of the IP address assigned to it.


2. Let's log in to the vCenter Appliance Management page (commonly called the VAMI page). To access this page:
                      https://<Appliance_IP_or_FQDN>:5480

Once the web page loads, log in to the appliance with the "root" credentials.

3. Let's add the vCenter Appliance to a domain. Here I will be joining my appliance to the vcloud.local domain.

Navigate to the vCenter Server tab and select Authentication. Check Active Directory Enable and enter the domain name and its credentials. Click Save Settings.

We need to restart the appliance for the changes to be applied. Navigate to the System tab and select Reboot.

4. Once the appliance has finished rebooting, log in to the web client for the VCSA.
                      https://<Appliance_IP_or_FQDN>:9443

Once the web page loads, log in to the client with the SSO credentials.

5. Select Administration and, under Single Sign On, click Configuration. Here we need to add the Identity Source, so that the users under the domain can be added to vCenter and appropriate permissions can be assigned to them.

In the Identity Source tab, click the Add button. There are multiple Identity Source types, and information regarding each of them can be found here. In my case, I am going to choose Active Directory as an LDAP Server.

Fill in the Identity Source settings.




Once done, click Test Connection and verify that the connection was established successfully. We should now be able to see this Identity Source listed in the table. I will set this Identity Source as the default domain so that there is no need to specify the domain name for the user every time I log in to vCenter.

Select the Identity Source and select the Set as Default Domain option (in the toolbar of the Identity Sources tab).

6. Now it is time to add the Active Directory user to vCenter and assign Administrator permissions to it.

Let's log in to the vSphere Client with the SSO credentials.

Select the vCenter and click the Permissions tab.




7. Right-click and choose Add Permissions, and you will see an Assign Permissions window.


8. Click Add and, from the Domain drop-down, select the domain that was recently added. Under Users and Groups, locate the required user, select Add and click OK.


9. On the right-hand side, under the Assigned Role drop-down, select the required role. Here I am choosing the Administrator role for the user. Click OK.

10. That's it, we are done. Now verify the procedure by opening a client to vCenter and logging in with the AD user that we just assigned the permissions to. You can verify which user is logged in to vCenter from the bottom right column, which displays this information.



And there we go, success!
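
For the Identity Source settings in step 5, a small pre-flight check of the values before they are typed into the dialog. This is an added example, not part of the original post or of any VMware tool; the dictionary keys, the host name dc01.vcloud.local and the CN=Users container are assumptions, and only the domain vcloud.local comes from the post.

```python
from urllib.parse import urlparse

def domain_to_dn(domain):
    """Turn a DNS domain name into its LDAP base DN (one DC= per label)."""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))

def check_identity_source(settings):
    """Return a list of problems found in the identity source settings."""
    problems = []
    root = domain_to_dn(settings["domain_name"]).lower()
    # A base DN outside the domain's own DN cannot contain that domain's users.
    for field in ("base_dn_users", "base_dn_groups"):
        dn = settings[field].replace(" ", "").lower()
        if dn != root and not dn.endswith("," + root):
            problems.append(f"{field} is not under {root}")
    url = urlparse(settings["primary_server_url"])
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        problems.append("primary_server_url must look like ldap://host:port or ldaps://host:port")
    elif url.scheme == "ldap":
        problems.append("primary_server_url uses ldap://, which is not encrypted; prefer ldaps://")
    elif url.port == 389:
        problems.append("primary_server_url is ldaps:// on port 389; LDAPS normally listens on 636")
    return problems

# Constructed sample values (assumptions): the post only states the domain name.
SAMPLE = {
    "domain_name": "vcloud.local",
    "base_dn_users": "CN=Users,DC=vcloud,DC=local",
    "base_dn_groups": "CN=Users,DC=vcloud,DC=local",
    "primary_server_url": "ldaps://dc01.vcloud.local:636",
}

if __name__ == "__main__":
    candidates = {
        "sample": SAMPLE,
        "cleartext": dict(SAMPLE, primary_server_url="ldap://dc01.vcloud.local:389"),
        "wrong base DN": dict(SAMPLE, base_dn_users="CN=Users,DC=other,DC=local"),
    }
    for label, cfg in candidates.items():
        print(label, "->", check_identity_source(cfg) or "OK")
```
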