VCF | VMware

VCF 9 – Enable and Configure SSO Part 1 (Active Directory)

Byjarrad 2025-06-182025-06-18

In a previous post we went through the steps to deploy the External Identity Broker cluster.
Today we’re going to be going through the steps of configuring SSO across the VCF components and integrating with Active Directory.

First, log into VCF Operations and browse to Fleet Management / Identity and Access, then select your VCF Instance.

Step 1: Choose Deployment Mode – Click “Start” and we’ll select Identity Broker Appliance. If you haven’t already deployed this, you’ll be prompted to.

Step 2: Configure Identity Provider, click “Start”

We’ll be using AD, but VCF 9 now supports modern identity providers such as Ping/Okta/Entra.

Configure with your AD Details. My domain is called “ad.home” and I’m binding with the built-in AD Administrator account.

Review and click “Finish”

Step 3: Configure User and Group Provisioning – Click “Configure”

Review the attribute mappings

I’m going to select my VCF_ADMIN group thats in the “VCF Users” OU

I’m not going to provision any users, as it’s best practice to control access via groups instead.

Review and Finish

Once complete, click Done.

We’ll pick up in Part 2 for the NSX & vCenter role mappings.

VCF | VMware

VCF 9 – Enable and Configure SSO Part 2 (vCenter / NSX)

Byjarrad 2025-06-18

In Part 1, I showed how to connect the Identity Broker to your Active Directory. In Part 2 we’ll be configuring the role mappings in vCenter and NSX. First, we need to link the products to the SSO Provider. Click “Edit” and we can select the NSX Manager and vCenters to enable. Note the warning…

VCF | VMware

VCF 5.2.x to 9 Upgrade – Part 3 (Workload Domains / Baseline Transition)

Byjarrad 2025-06-182025-06-18

Welcome to Part 3, today we’ll be performing an upgrade of a Workload (WLD) domain to VCF 9, after we successfully imported the Management Domain in the previous post. Log into Operations and browse to Fleet Management / Lifecycle. This is going to look like the old SDDC Manager upgrade interface, and it works the…

Homelab | VMware

Gibson Upgrade Chronicles – Part 3

Byjarrad 2025-05-012025-05-01

The parts have all landed (finally) including the extra fans I needed.Here’s the install pic showing the extra CPUs, fans, memory and 25Gbit RNDC card installed. Luckily the RAM from the old Gibson was also compatible with the new hardware, so I’ve pulled some extra memory. ESX installed, hosts cut over and the old ones…

Holodeck | PowerCLI

Code Snips – Holodeck vApp Start Order

Byjarrad 2025-01-092025-02-25

When deploying Holodeck, I like to add the VMs to a vApp so I can power-up/power-down the environment from one place. Because this is running vSAN, we want all the nodes to power up simultaneously to minimise any potential issues with the vSAN consistency.When we create a vApp, the VMs will just get added to…

Holodeck | VCF | VMware

VCF 9 – Deploy New Workload Domain

Byjarrad 2025-06-182025-06-18

Welcome back, in today’s post we’ll be covering the method to deploy a new Workload Domain with VCF 9. As you’ll now be aware, a lot of the functionality has now moved away from the SDDC Manager and into VCF Operations. First, we need to commission the 3x ESX hosts are are planning to use…

Holodeck | NSX | PowerCLI

Code Snips – Holodeck NSX Password Expiry

Byjarrad 2025-01-092025-02-25

This code snip is used to set the expiry on NSX accounts to “9999” days to ensure we don’t get any annoying account lockouts. For VCF we cannot just disable password expiry, as it will cause SDDC Manager workflow issues if an empty expiry time is returned from NSX. This is my first attempt at…

Related

Similar Posts