Integrating the single sign on (SSO) service with NSX improves the security of user authentication for vCenter users and enables NSX to authenticate users from other identity services such as AD, NIS, and LDAP.

With SSO, NSX supports authentication using authenticated Security Assertion Markup Language (SAML) tokens from a trusted source via REST API calls. NSX Manager can also acquire authentication SAML tokens for use with other VMware solutions.

The SSO service must be installed on the vCenter Server.

An NTP server must be specified so that the SSO server time and NSX Manager time are in sync. See Edit the NSX Manager Date and Time.


1. Log in to the NSX Manager virtual appliance.

2. Under Appliance Management, click Manage Settings.

3. Click NSX Management Service.

4. Click Edit next to Lookup Service.

5. Type the name or IP address of the host that has the lookup service.

6. Change the port number if required. The default port is 7444.

   The Lookup Service URL is displayed based on the specified host and port.

7. Type the vCenter administrator user name (for example, administrator@vsphere.local) and password.

   This enables NSX Manager to register itself with the Security Token Service server.

8. Click OK.

Confirm that the Lookup Service status is Connected.

Assign a role to the SSO user.
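
Why the NTP prerequisite matters, as an added example (generic SAML 2.0 handling, not VMware or NSX code): a SAML assertion typically carries a validity window, so a receiver whose clock has drifted rejects an otherwise good token. The sample assertion, issuer URL, clock offsets and tolerance are constructed for illustration, and signature verification is out of scope here.

```python
# Added illustration: generic SAML 2.0 validity-window check, not NSX or vCenter code.
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, trimmed to the fields this check reads).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://sso.example.test/sts</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>
"""


def _parse_instant(value):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_validity(assertion_xml, receiver_now, tolerance=timedelta(0)):
    """Return the verdict the receiver's clock produces for the assertion's time window."""
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None:
        return "no-conditions"  # fail closed: the caller should reject this token
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and receiver_now + tolerance < _parse_instant(not_before):
        return "not-yet-valid"
    if not_on_or_after and receiver_now - tolerance >= _parse_instant(not_on_or_after):
        return "expired"
    return "valid"


def skew_report(assertion_xml, issuer_now, skews, tolerance=timedelta(0)):
    """Map each receiver clock offset (in seconds) to the verdict it would produce."""
    return {s: check_validity(assertion_xml, issuer_now + timedelta(seconds=s), tolerance)
            for s in skews}


if __name__ == "__main__":
    issued = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)  # issuer's true time
    for skew, verdict in skew_report(SAMPLE_ASSERTION, issued, [-600, -60, 0, 600]).items():
        print(f"receiver clock offset {skew:+5d}s -> {verdict}")
```

A receiver running even one minute behind the issuer sees the constructed token as not yet valid; a tolerance only narrows the problem, which is why both systems need the same time source.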