Federating with Microsoft Active Directory

Federating enables users at your company to sign in to the Private Cloud Appliance Compute Web UI with the same login credentials that they already use for other logins in the company.

To federate, an administrator creates a trust relationship between the existing identity provider and Private Cloud Appliance. When this relationship is established, federated users are presented with a single sign-on prompt when they access the Compute Web UI.

You can federate multiple Active Directory (AD) accounts with Private Cloud Appliance. Each federation trust is for a single AD account. To create a trust, you perform some tasks in the Private Cloud Appliance Compute Web UI and some tasks in Active Directory Federation Services (ADFS).

Before you begin federating, ensure you have completed the following tasks:

  • Installed and configured Microsoft ADFS for your organization.

  • Created groups in AD that will map to groups in Private Cloud Appliance.

  • Created users in AD who will sign in to the Private Cloud Appliance Compute Web UI.

Note

Consider using a common prefix to name AD groups that you intend to map to Private Cloud Appliance. For example, use AD group names such as <name>_Administrators, <name>_NetworkAdmins, <name>_InstanceLaunchers.