Identity Federation with Microsoft Active Directory
An administrator can configure identity federation between Private Cloud Appliance and Microsoft Active Directory. Authentication for Private Cloud Appliance is then delegated to the identity provider (Active Directory), enabling users to sign in with their existing accounts.
Many organizations use an identity provider to manage user logins and passwords and to authenticate users for access to secure websites, services, and resources. Federation involves setting up a trust relationship between the identity provider and Private Cloud Appliance. Once an administrator has established this trust, federated users who access the Service Web UI sign in through single sign-on at the identity provider instead of with a local appliance password.
You can federate several Microsoft Active Directory (AD) accounts with Private Cloud Appliance (for example, one for each division of the organization), but each federation trust that you set up must be for a single AD account. To set up a trust, you perform some tasks in the Service Web UI and some tasks in Active Directory Federation Services (ADFS).
Before you begin federating, ensure you already have:
- Installed and configured Microsoft Active Directory Federation Services for your organization.
- Set up groups in Active Directory that will map to groups in Private Cloud Appliance.
- Created users in Active Directory who will sign in to the Service Web UI.
Consider giving the Active Directory groups that you intend to map to Private Cloud Appliance groups a common prefix, so that a single filter rule in ADFS can pass only those groups to the appliance and leave every other AD group out of the SAML assertion. For example: PCA_Administrators, PCA_NetworkAdmins, PCA_InstanceLaunchers.
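The following is an added example of the ADFS side of that group filter, written for this page; it is not code from the Oracle documentation or from the appliance. It assumes the relying party trust for the appliance already exists in ADFS under the hypothetical display name "PCA Service Web UI", that the appliance expects the user identifier as a SAML NameID taken from userPrincipalName, and that the group claim type URI shown is the one the appliance consumes; all three are assumptions to confirm against the appliance's federation documentation and SAML metadata before applying. It is meant to be run in an elevated PowerShell session on an ADFS server.

```powershell
# Added example (not from the Oracle page). Issuance transform rules for the relying
# party trust that represents the Private Cloud Appliance Service Web UI.
# Assumptions: the trust already exists under the hypothetical display name below;
# NameID is populated from userPrincipalName; $GroupClaimType is the claim type the
# appliance expects for group names (verify against the appliance's federation docs).

$RelyingPartyName = 'PCA Service Web UI'   # hypothetical; use your trust's display name
$GroupPrefix      = 'PCA_'                 # common prefix chosen for appliance-mapped AD groups
$GroupClaimType   = 'https://auth.oraclecloud.com/saml/claims/groupName'  # assumption, verify

# Escape the prefix so a prefix containing regex metacharacters cannot widen the match.
$PrefixPattern = [regex]::Escape($GroupPrefix)

# Claim rule language (ADFS). Rule 1 issues NameID from the user's UPN.
# Rule 2 reads every group the user belongs to (tokenGroups) into a temporary claim
# type that is never issued to the appliance. Rule 3 issues only the groups whose
# names START with the prefix: the pattern is anchored with ^ and made
# case-insensitive with (?i), so "Domain Admins" is never sent and a group that merely
# contains "PCA_" somewhere in its name does not match. Plain tokenGroups returns
# unqualified group names; the domainQualifiedName variants prepend "DOMAIN\" and
# would defeat the ^ anchor.
$Rules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "NameID from UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";userPrincipalName;{0}", param = c.Value);

@RuleName = "Collect AD group membership into a temporary claim"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://temp/variable"), query = ";tokenGroups;{0}", param = c.Value);

@RuleName = "Issue only groups with the $GroupPrefix prefix"
c:[Type == "http://temp/variable", Value =~ "(?i)^$PrefixPattern"]
 => issue(Type = "$GroupClaimType", Value = c.Value);
"@

# Local check of the filter semantics against constructed group names (no ADFS call):
# only names that begin with the prefix survive.
$SampleGroups = 'PCA_Administrators', 'Marketing_PCA_Team', 'Domain Admins', 'pca_networkadmins'
$SampleGroups | Where-Object { $_ -match "(?i)^$PrefixPattern" }

# Apply the rule set. Note that -IssuanceTransformRules REPLACES all existing
# transform rules on the trust, so include every rule you need in $Rules.
Set-AdfsRelyingPartyTrust -TargetName $RelyingPartyName -IssuanceTransformRules $Rules

# Confirm what the trust will actually issue.
(Get-AdfsRelyingPartyTrust -Name $RelyingPartyName).IssuanceTransformRules
```

The temporary claim type keeps the full group list inside ADFS: the appliance only ever sees the filtered claims, which is the least-privilege property the prefix convention is meant to give you. If you later rename a group so it no longer carries the prefix, it silently drops out of the assertion, so treat the prefix as part of the group's access-control identity, not just a naming convenience.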