Assigning users/groups to the vCenter Server
Be it a simple installation or component installation, you will only able to connect to vCenter Server using the SSO administrator (administrator@vsphere.local) after the installation. This is because, by default, the SSO administrator is assigned the vCenter administrator role. Most environments require other users to be able to connect to vCenter Server. To make this possible, you will need to manually assign an access role to a user/group you would like to provide access to.
Getting ready
Make sure that the domain from which you will be selecting a group/user is added as an identity source. For instructions, read the Adding an additional Identity Source to the SSO Server recipe.
How to do it…
The following procedure will guide you through the steps required in assigning access roles to a user/group:
- Using Web Client, connect to vCenter Server as the SSO administrator and navigate to the vCenter inventory home:
- At vCenter Home, click on vCenter Servers under the Inventory Lists category:
- Then, with the vCenter Server selected, navigate to Manage | Permissions and click on the + icon to bring up the Add Permission window:
- Click on the Add button to bring up the Select Users/Groups window:
- Select the domain you would like to add a group/user from, use the search box to filter the search, select the group/user, hit Enter to find the user/group, select and click on Add to make the selection, and click on OK to return to the Add Permission window:
- In the Change Role On Permission window, with the user selected, assign an intended role. Click on OK to add the permission:
- The Permissions tab will now show the newly added group/user:
You should now be able to use vSphere Client, vSphere Web Client, or any other connection type (API) to connect to vCenter Server using the added user.