VMware SSO is an authentication server that was made available starting with vSphere 5.1. With version 5.5, it has been rearchitected so that it is simple to plan and deploy, as well as easier to manage. With vSphere 6.0 and 6.5, it is now embedded into the PSC.
SSO acts as an authentication gateway, which takes the authentication requests from various registered components and validates the credential pair against the identity sources that are added to the SSO server. The components are registered to the SSO server during their installation.
Once authenticated, the SSO clients are provided with a token for further exchanges. The advantage here is that the user or administrator of the client service is not prompted for a credential pair (username and password) every time it needs to authenticate.
SSO supports authenticating against the following identity sources:
- Active Directory
- Active Directory as an LDAP server
- Open LDAP
- Local OS
Here are some of the components that can be registered with the VMware SSO and leverage its functionality. These components, in SSO terms, are referred to as SSO clients:
- VMware vCenter Server
- VMware vCenter Orchestrator
- VMware NSX
- VMware vCloud Director
- VMware vRealize Automation
- VMware vSphere Web Client
- VMware vSphere Data Protection
- VMware log browser