vRealize Orchestrator supports several authentication methods.

 vRealize Orchestrator supports the following authentication methods:

vRealize Automation Authentication

vSphere Authentication

vCenter Single Sign-On Authentication (SSO Legacy)

vRealize Automation Authentication utilizes the vRealize Automation component registry for authentication.

vSphere Authentication utilizes the Platform Service Controller in vSphere 6.0 and 6.5 environments.

vCenter Single Sign-On Authentication utilizes the vSphere Legacy SSO in vSphere 5.5 environments.

The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are not supported. Multiple domains that have two-way trust, but are not in the same tree, are not supported and do not work with vRealize Orchestrator.

vRealize Orchestrator Directory Service Design Decision

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-CMP-VRO-02

Configure all vRealize Orchestrator instances within the SDDC to use vRealize Automation authentication.

LDAP is being depreciated. Supports existing design setup utilizing Active Directory services.

This design does not support local authentication for vRealize Orchestrator.

SDDC-CMP-VRO-03

Configure vRealize Orchestrator to utilize the vRealize Automation customer tenant for authentication.

The vRealize Automation Default Tenant users are only administrative users. By connecting to the customer tenant, workflows executing on vRealize Orchestrator may execute with end-user granted permissions.

End-users who will execute vRealize Orchestrator workflows will be required to have permissions on the vRealize Orchestrator server.

Some plug-ins may not function correctly using vRealize Automation Authentication.

SDDC-CMP-VRO-04

A vRealize Orchestrator installation will be associated with only one customer tenant.

To provide best security and segregation between potential tenants, vRealize Orchestrator installation are associate with a single tenant.

If additional vRealize Automation Tenants are configured, additional vRealize Orchestrator installations will be needed.