A user logs in to vCenter Server as an administrator and is unable to view Single Sign On Configuration. Which vCenter Single Sign On group should the administrator belong to, to view Single Sign On Configuration?
There are users, roles, and groups. This question says "which group." The only group with SSO privileges is:
Administrators - Administrators of the VMware Directory Service (vmdir). Members of this group can perform vCenter Single Sign-On administration tasks.
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.psc.doc/GUID-87DA2F34-DCC9-4DAB-8900-1BA35837D07E.html
This suggests B.
For those of you who have integrated vSphere w/AD and given a user and group Administrative access to vSphere, you will have noticed that though you might have admin access, you still can't get to the SSO sections if you don't use [email protected]. This is because this section requires a special type of permission, so you can have SystemConfiguration.Administrators access, but still not access the SSO section.
Reference this link and view the difference between SystemConfiguration.Administrators and Administrators:
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.psc.doc/GUID-87DA2F34-DCC9-4DAB-8900-1BA35837D07E.html
Notice how Administrators has this specific text:
"Members of this group can perform vCenter Single Sign-On administration tasks."
The SystemConfiguration.Administrators section does not even mention SSO.
SystemConfiguration.Administrators - Members of the SystemConfiguration.Administrators group can view and manage the system configuration in the vSphere Web Client. These users can view, start and restart services, troubleshoot services, see the available nodes, and manage those nodes.
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.psc.doc/GUID-87DA2F34-DCC9-4DAB-8900-1BA35837D07E.html
But yes, the answer is B.
Note: The SSO Security Groups include the Administrators (in vSphere 5.5 and 6.0), ComponentManager.Administrators, SystemConfiguration.Administrators, LicenseService.Administrators for vSphere 6.0, located at: Administration > Single Sign-On > Users and Groups > Groups > Administrators group. I believe the answer is correct,
it 'should' be B if you didn't change anything in the default groups configuration; the Administrator group is a member of the SystemConfiguration.Administrators group when you have a fresh install (I have it in front of me right now).
But as it does not deny or confirm that the group settings have changed, the right answer is C (SystemConfiguration.Administrators group)
Definitely C.
The key word here is: 'to VIEW single sign on configuration'
Read the article linked by techevange and others and look at the entries for both 'SystemConfiguration.Administrators' and for 'Administrators'.
Both B & C would allow this permission, however the Administrators group would give them access to EVERYTHING. If you only want to give 'view' access (as the question asks), you only need to give them access to the 'SystemConfiguration.Administrators' group.
Update:
Question is "Which vCenter Single Sign On group should the administrator belong to", key word is "SSO group", and according to https://kb.vmware.com/s/article/2120255 under "To access the Single Sign-On Administration Section" section, you have to be in "Administrators" group.
To access the "System Configuration" Section, you have to be a member of "SystemConfiguration.Administrators Group"; however, in order to edit "SystemConfiguration.Administrators Group" you have to ensure that your user account has Single Sign-On Administration permissions (which is the top part).
The key word here is: 'to VIEW single sign on configuration'
Look at the entries for both 'SystemConfiguration.Administrators' and for 'Administrators'.
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.psc.doc/GUID-87DA2F34-DCC9-4DAB-8900-1BA35837D07E.html
Both B & C would give this permission, however the Administrators group would give them access to EVERYTHING. If you only want to give 'view' access (as the question asks), you only need to give them access to the 'SystemConfiguration.Administrators' group.
Correct answer is C.
B is correct. To access the Single Sign-On Administration Section:
1. Log in to the vSphere Web Client with the [email protected]
2. Navigate to Administration > Single Sign-On > Users and Groups
3. Under vCenter Users and Groups, select the Groups tab
4. Locate the Administrators Group
5. Under Group Members, click Add member () icon
6. In the Add Principals window, select the appropriate domain for your user under the Domain drop-down
7. Locate your user
Uncle Ramin Rijswijk
From this KB:
You must be a member of the SystemConfiguration.Administrators group in vCenter Single Sign-On to access System Configuration.
So the correct answer is C
The question asks:
A user logs in to vCenter Server as an ->"administrator"<- and is unable to view Single Sign On Configuration.
So the user is already an administrator; therefore D is incorrect and C is the correct answer.