Before you can use SAML 2.0-based SSO, you must configure your corporate IdP solution and vCloud Air environment to trust each other.

This section provides an overview of the steps.

1. vCloud Air provisions a new environment.
2. You will receive an email from vCloud Air containing the credentials to access your new environment. Here's an example of your new environment URL: https://tW-vcd.vchs.vmware.com/cloud/org/demo-vdc/.
3. Log in as an Org Administrator to your vCloud Air environment using the credentials provided and update your password.
4. Replace the IdP metadata in Org federation settings.
5. Map your Active Directory groups to vCloud Air roles in Org.
6. Get Org SP metadata and add it to your on-premises IdP.
7. Configure claim rules for user email address and groups to be sent in the SAML token.
8. Test the identity federation by logging in to your IdP.

Note

Here are examples of login URLs:

For a federated identity user: https://tW-vcd.vchs.vmware.com/cloud/org/demo-vdc/

For a local user: https://tW-vcd.vchs.vmware.com/cloud/org/demo-vdc/login.jsp

Remember to append login.jsp for your local login.