6.7
Table Of Contents
- Platform Services Controller Administration
- Contents
- About Platform Services Controller Administration
- Getting Started with Platform Services Controller
- vCenter Server and Platform Services Controller Deployment Types
- Deployment Topologies with External Platform Services Controller Instances and High Availability
- Understanding vSphere Domains, Domain Names, and Sites
- Platform Services Controller Capabilities
- Managing Platform Services Controller Services
- Managing the Platform Services Controller Appliance
- vSphere Authentication with vCenter Single Sign-On
- Understanding vCenter Single Sign-On
- Configuring vCenter Single Sign-On Identity Sources
- Understanding vCenter Server Two-Factor Authentication
- Using vCenter Single Sign-On as the Identity Provider for Another Service Provider
- Security Token Service STS
- Managing vCenter Single Sign-On Policies
- Managing vCenter Single Sign-On Users and Groups
- Add vCenter Single Sign-On Users
- Disable and Enable vCenter Single Sign-On Users
- Delete a vCenter Single Sign-On User
- Edit a vCenter Single Sign-On User
- Add a vCenter Single Sign-On Group
- Add Members to a vCenter Single Sign-On Group
- Remove Members from a vCenter Single Sign-On Group
- Delete vCenter Single Sign-On Solution Users
- Change Your vCenter Single Sign-On Password
- vCenter Single Sign-On Security Best Practices
- vSphere Security Certificates
- Certificate Requirements for Different Solution Paths
- Certificate Management Overview
- Managing Certificates with the vSphere Client
- Managing Certificates from the vSphere Web Client
- Managing Certificates with the vSphere Certificate Manager Utility
- Certificate Manager Options and the Workflows in This Document
- Regenerate a New VMCA Root Certificate and Replace All Certificates
- Make VMCA an Intermediate Certificate Authority (Certificate Manager)
- Generate CSR with vSphere Certificate Manager and Prepare Root Certificate (Intermediate CA)
- Replace VMCA Root Certificate with Custom Signing Certificate and Replace All Certificates
- Replace Machine SSL Certificate with VMCA Certificate (Intermediate CA)
- Replace Solution User Certificates with VMCA Certificates (Intermediate CA)
- Replace All Certificates with Custom Certificate (Certificate Manager)
- Revert Last Performed Operation by Republishing Old Certificates
- Reset All Certificates
- Manual Certificate Replacement
- Managing Services and Certificates with CLI Commands
- Troubleshooting Platform Services Controller
- Determining the Cause of a Lookup Service Error
- Unable to Log In Using Active Directory Domain Authentication
- vCenter Server Login Fails Because the User Account Is Locked
- VMware Directory Service Replication Can Take a Long Time
- Export a Platform Services Controller Support Bundle
- Platform Services Controller Service Logs Reference
n
Add Members to a vCenter Single Sign-On Group
Members of a vCenter Single Sign-On group can be users or other groups from one or more identity
sources. You can add new members from the vSphere Web Client.
n
Remove Members from a vCenter Single Sign-On Group
You can remove members from a vCenter Single Sign-On group by using the vSphere Client. When
you remove a member (user or group) from a group, you do not delete the member from the system.
n
Delete vCenter Single Sign-On Solution Users
vCenter Single Sign-On displays solution users. A solution user is a collection of services. Several
vCenter Server solution users are predefined and authenticate to vCenter Single Sign-On as part of
installation. In troubleshooting situations, for example, if an uninstall did not complete cleanly, you
can delete individual solution users from the vSphere Web Client.
n
Change Your vCenter Single Sign-On Password
Users in the local domain, vsphere.local by default, can change their vCenter Single Sign-On
passwords from a Web interface. Users in other domains change their passwords following the rules
for that domain.
Add vCenter Single Sign-On Users
Users listed on the Users tab in the vSphere Client are internal to vCenter Single Sign-On and belong to
the vsphere.local domain. You add users to that domain from one of the vCenter Single Sign-On
management interfaces.
You can select other domains and view information about the users in those domains, but you cannot add
users to other domains from a vCenter Single Sign-On management interface.
Procedure
1 Log in with the vSphere Client to the vCenter Server connected to the Platform Services Controller.
2 Specify the user name and password for administrator@vsphere.local or another member of the
vCenter Single Sign-On Administrators group.
If you specified a different domain during installation, log in as administrator@mydomain.
3 Navigate to the vCenter Single Sign-On user configuration UI.
a From the Home menu, select Administration.
b Under Single Sign On, click Users and Groups.
4 If vsphere.local is not the currently selected domain, select it from the drop-down menu.
You cannot add users to other domains.
5 On the Users tab, click Add User.
6 Type a user name and password for the new user.
You cannot change the user name after you create a user. The password must meet the password
policy requirements for the system.
Platform Services Controller Administration
VMware, Inc. 64