191views
In Part 3 of the VCF 9 SSO series, we’ll be integrating VCF Operations, Logs and Automation with the Identity Broker.
First up – Operations.
Log into Operations as the Local Administrator, browse to Fleet Management/Identity and Access. Click on Operations appliance.
Click Continue and then we can select the Identity Broker cluster.
We’ll get the warning for the role mapping requirement:
Confirm and Continue.
Now we can set a role mapping from the SSO Source. Click Administration/Control Panel/Access Control/User Groups.
Click Import from Source
Add the group and click Finish.
Then Edit the group and assign the Administrator role for All Objects.
Click Save, and we’re finished with Operations.
Next up – Automation.
The first step is the same as Operations – go back to Fleet Management / Identity and Access, select automation appliance and “Configure”
We get the same warning again about Role Mappings.
The link in the above warning will open the automation console for you, open it in a new tab and log in with the built-in admin account.
In the left panel, click Access Control, then groups. Import Groups.
Add the AD Group name, and assign the role then click save. That’s Automation finished!
Lastly – we’ll configure Logs.
Go back to Fleet Management / Identity and Access. Select “VCF Other Components” and then click Continue.
We’ll be prompted with the following. Add the name for the client, and click “Generate OIDC Client”.
Now log into Logs as the local admin, browse to Configuration then Authentication. Click Edit on the VCF SSO section.
Copy and Paste the values from the OIDC Client and click Test Connection.
Accept the SSL Cert.
And now we should see a “Success” notification.
Click Save and we will see that VCF SSO is enabled.
Remember to go back to Operations and click Save on the new client.
I also had to edit the client to fix the URIs. By default these were configured with the IP address, but I updated to the FQDNs.
Now we can add a role mapping. Browse to Management / Access Control.
Click New Group and fill the details.
Click Save.
And that’s it, we’re done! Active Directory SSO has now been configured for Operations, Automation and Logs.
add a comment
Run Your Own Private Cloud on Proxmox: Deploy Alpine Nextcloud LXC with the Proxmox Community Script
Introduction Google Drive, OneDrive, Dropbox — you've been feeding your files, documents, photos, and arguably some of your most sensitive...
Self-Host Your Own AI Chat Platform with LibreChat: Deploy on Proxmox in Minutes with the Community Script
Introduction If you've ever stared at your monthly ChatGPT Plus bill and thought, "I'm an IT professional with a running...
Deploy Teleport on Proxmox in Minutes: Zero Trust Infrastructure Access via the Proxmox Community Script
Introduction Managing secure remote access to your home lab or production Proxmox environment has never been more important — and never more complicated, if you're still relying on SSH keys, shared passwords, or a badly configured VPN that you set up three years ago and haven't touched since. Teleport fixes all of that. Teleport is an open-source, identity-aware access platform that replaces traditional VPNs and static SSH keys with short-lived cryptographic certificates, SSO integration, and a full audit trail for every session. And thanks to the Proxmox Community Scripts project...
Proxmox Datacenter Manager 1.0 is Here
Introduction If you run more than one Proxmox VE cluster — or mix standalone nodes, backup servers, and remote datacenters — you have probably felt the pain of juggling multiple browser tabs just to get a handle on your infrastructure. Proxmox Datacenter Manager (PDM) was built to fix exactly that, and with the release of version 1.0, it has officially graduated from an experimental tool to a production-ready platform. This post breaks down everything that landed in the PDM roadmap update published on March 19, 2026: from the headline EVPN...
