VMware PowerCLI

The Best User Interface for your VMware Datacenter!

Module to manage vCenter SSO Admin functionality (SSO Users, Password, Lockout Policy, Identity Source, etc)

Today, vCenter SSO operations can not be Automated through PowerCLI, it would be very useful to expose a module that would provide such capabilities. Below are several articles outline use cases that rely on a CLI that resides on the vCenter Server and ideally, this functionality can be remotely called via an API that PowerCLI can consume




  • William Lam
  • Sep 7 2017
  • Delivered
  • Attach files
  • Dimitar Milov commented
    27 May, 2021 09:32am

    Global permission is not in the SsoAdmin domain. There is a PowerShell Module that covers the global permissions


  • Kamen Nikolov commented
    26 May, 2021 07:27am

    Hi Sourav,
    Please add this as a feature request in the github repo. We would like to keep all feature requests for this module in one place.

  • Sourav commented
    26 May, 2021 04:17am

    Would it be possible to add Global Permissions management capability to this module? That would probably be a useful part of SSO user management.

  • david becher commented
    4 Feb, 2021 07:51pm

    Is it possible to add an active directory server with specific domain controllers with this module? I don't see anything about passing SSL certs in the parameters, which are required for ldaps://

  • Kamen Nikolov commented
    5 Oct, 2020 02:21pm

    We have developed an open source module to allow managing SSO Admin functionality. It's available at: https://github.com/vmware/PowerCLI-Example-Scripts/tree/master/Modules/VMware.vSphere.SsoAdmin

  • Dimitar Milov commented
    30 Sep, 2020 01:30pm
  • Dimitar Milov commented
    25 Sep, 2020 11:34am

    Hi everybody,

    If you have to set priorities to which SsoAdmin features should be available in PowerShell choosing from below list what are the most needed:

    -PasswordPolicy: Get/Set

    -ExternalDomain: Add/Get

    -LocalOSDomain: Add/Get

    -LocalUser: Get/New/Remove

    -LocalUserPassword: Reset

    -SolutionUser: Get/New/Remove


    -Cert Managment: New/Get/Delete-Certificate, TrustedCertificate, KnownCertificateChains, New-SignerIdentity

    -ClockTolerance: Get/Set-ClockTolerance

    -STS Settings: DelegationCount, RenewCount, HoKLifetime, BearerTokenLifetime

  • chin woo commented
    17 Sep, 2020 02:56am

    This is what I've been looking for, really meaningful

  • Anders Mikkelsen commented
    20 Aug, 2020 09:02pm

    This is the last piece missing for standing up an ENTERPRISE ready virtual datacenter fully automated.

  • Forrest Burrows commented
    14 Feb, 2020 02:02pm

    This would be a huge improvement for deployments, configuration management, and compliance auditing. It astounds me that this has not been an option. 

  • Jason Hong-Turney commented
    1 Jul, 2018 06:06am

    If I could upvote this 1,000 times, I would.  I could hack this in 6.5 by pulling over a couple of .sh files from a 6.0 install, but it's just not possible so far as I can tell in 6.7.  So much for being able to automate an entire deploy.

  • Morgan Svensson commented
    8 Sep, 2017 07:41am

    This would be really useful. I'm in the process of automating a vSphere installation with PowerCLI and this is the one big piece missing...

  • Steve Kaplan commented
    7 Sep, 2017 11:48pm

    This is actually a big deal, as for things like the vSphere STIG... DISA has a lot of SSO-centric things that can't be automated today... I broke it down on my github repo for doing STIG things: https://github.com/stvkpln/vsphere-stig-powercli