Now Live – vCenter Federation for VMware Cloud on AWS 


VMware Cloud on AWS customers can now enable federated login to their SDDC vCenter Server and authenticate securely through single sign-on (SSO), without having to re-enter their credentials. Users can log in to vCenter with the same federated identity providers they use to log in to the VMware Cloud on AWS console. With this feature, we simplify the user experience, improve productivity, and enhance security for our customers.

When you enable the vCenter federation feature on an SDDC, the VMware Cloud on AWS platform replaces all external identity providers (source type AD over LDAP and native LDAP) with the identity providers (IdPs) federated with your VMware Cloud Services organization (source type SSO). Changing identity providers modifies the means of authentication (AuthN) but does not alter authorization (AuthZ) in any way. No additional users or groups are granted access to your vCenter Server.

To get started with this feature, the following prerequisites must be met:

  • Minimum SDDC version must be 1.22 
  • Enterprise Federation must be enabled for ALL domains that require vCenter Access 
  • Your Identity Provider (IdP) must be linked to your VMware Cloud Services organization 

Please note that we do not currently support simultaneous use of SSO and AD/LDAP identity sources. If multiple domains are configured in your vCenter and these domains require continued access to vCenter after federation, then all domains that need access to vCenter must go through the Enterprise Federation process.
