Differentiate available authentication methods with VMware vCenter

As previously stated, SSO is an authentication broker and security token exchange infrastructure.

In vSphere 5.1 and 5.5, SSO was a specific role, but starting with vSphere 6.0, SSO is a part of the PSC role.

As described in Objective 1.2, SSO supports multiple identity sources, including external directory services, such as AD.

Using AD for user authentication simplifies permission management, ensures password complexity, and lets vSphere logins fall under the same security policies that already apply in AD, which minimizes the risk of unauthorized access.

To improve authentication security, multi-factor authentication (MFA) is preferable to simple username/password methods. Two-factor authentication (2FA) is a type of multi-factor authentication that uses two components.

Starting with vSphere 6.0 Update 2, two-factor authentication is available through the following methods:

  • Smart card (UPN-based Common Access Card (CAC))
  • RSA SecurID token

Note that vCenter SSO only supports native SecurID, and does not support RADIUS authentication. For more information about authentication, see the PSC 6.5 Administration Guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.psc.doc/GUID-ACFFCBEC-6C1C-4BF9-9971-04AEE9362AFE.html).