VMware PowerCLI

The Best User Interface for your VMware Datacenter!

Module to manage vCenter SSO Admin functionality (SSO Users, Password, Lockout Policy, Identity Source, etc)

Today, vCenter SSO operations can not be Automated through PowerCLI, it would be very useful to expose a module that would provide such capabilities. Below are several articles outline use cases that rely on a CLI that resides on the vCenter Server and ideally, this functionality can be remotely called via an API that PowerCLI can consume

http://www.virtuallyghetto.com/2015/05/vcenter-server-6-0-tidbits-part-9-creating-managing-sso-users-using-dir-cli.html

http://www.virtuallyghetto.com/2015/06/vcenter-server-6-0-tidbits-part-10-automating-sso-admin-configurations.html

http://www.virtuallyghetto.com/2015/06/vcenter-server-6-0-tidbits-part-11-automate-sso-admin-password-change.html

  • William Lam
  • Sep 7 2017
  • Shipped
  • Attach files
  • Admin
    Kamen Nikolov commented
    5 Oct 02:21pm

    We have developed an open source module to allow managing SSO Admin functionality. It's available at: https://github.com/vmware/PowerCLI-Example-Scripts/tree/master/Modules/VMware.vSphere.SsoAdmin

  • Dimitar Milov commented
    30 Sep 01:30pm
  • Dimitar Milov commented
    25 Sep 11:34am

    Hi everybody,

    If you have to set priorities to which SsoAdmin features should be available in PowerShell choosing from below list what are the most needed:

    -PasswordPolicy: Get/Set

    -ExternalDomain: Add/Get

    -LocalOSDomain: Add/Get

    -LocalUser: Get/New/Remove

    -LocalUserPassword: Reset

    -SolutionUser: Get/New/Remove

    -GroupManagement:

    -Cert Managment: New/Get/Delete-Certificate, TrustedCertificate, KnownCertificateChains, New-SignerIdentity

    -ClockTolerance: Get/Set-ClockTolerance

    -STS Settings: DelegationCount, RenewCount, HoKLifetime, BearerTokenLifetime

  • chin woo commented
    17 Sep 02:56am

    This is what I've been looking for, really meaningful

  • Anders Mikkelsen commented
    20 Aug 09:02pm

    This is the last piece missing for standing up an ENTERPRISE ready virtual datacenter fully automated.

  • Forrest Burrows commented
    14 Feb 02:02pm

    This would be a huge improvement for deployments, configuration management, and compliance auditing. It astounds me that this has not been an option. 

  • Jason Hong-Turney commented
    1 Jul, 2018 06:06am

    If I could upvote this 1,000 times, I would.  I could hack this in 6.5 by pulling over a couple of .sh files from a 6.0 install, but it's just not possible so far as I can tell in 6.7.  So much for being able to automate an entire deploy.

  • Morgan Svensson commented
    8 Sep, 2017 07:41am

    This would be really useful. I'm in the process of automating a vSphere installation with PowerCLI and this is the one big piece missing...

  • Steve Kaplan commented
    7 Sep, 2017 11:48pm

    This is actually a big deal, as for things like the vSphere STIG... DISA has a lot of SSO-centric things that can't be automated today... I broke it down on my github repo for doing STIG things: https://github.com/stvkpln/vsphere-stig-powercli