Authenticating Through vCenter Server and vCenter Single Sign-On

For all ESXi hosts that are managed by a vCenter Server system that is integrated with vCenter Single Sign-On 6.0 and later, you can authenticate directly to the vCenter Server system, or you can authorize to vCenter Server through vCenter Single Sign-On.

Best practice is to authenticate through vCenter Single Sign-On. The vCenter Single Sign-On service is included in the Platform Services Controller. The Platform Services Controller can be embedded in your vCenter Server installation, or one Platform Services Controller can handle authentication, certificate management, and some other tasks for multiple vCenter Server systems.

Note You cannot use this approach if vCenter Server is integrated with vCenter Single Sign-On 5.0.

You use the --psc option and, optionally, the --server option.

■	psc - Specifies the Platform Services Controller instance associated with the vCenter Server system that manages the host.

■	server - Specifies the vCenter Server system that manages the host. Required if the Platform Services Controller instance is associated with more than one vCenter Server system.

■	vihost - Specifies the ESXi host, as in earlier versions of vCLI.

Examples

vicfg-nics -l --username <sso_username> --password "<admin_pwd>" --server <vc_HOSTNAME_OR_IP> --psc <psc_HOSTNAME_OR_IP> --vihost <esxi_HOSTNAME_OR_IP>

esxcli --server <vc_HOSTNAME_OR_IP> --vihost <esxi_HOSTNAME_OR_IP> --username <USERNAME> --password <PASSWORD> --psc <psc_HOSTNAME_OR_IP> hardware clock get

If the specified user is known to vCenter Single Sign-On, a session is created. You can save the session with the --savesessionfile argument, and later use that session with the --sessionfile argument. For example, you can save the session by running this command:

vicfg-nics -l --username <sso_username> --password "<admin_pwd>" --server <vc_HOSTNAME_OR_IP> --psc <psc_HOSTNAME_OR_IP> --vihost <esxi_HOSTNAME_OR_IP>

Using a session file results in less overhead and better performance than connecting to the Platform Services Controller repeatedly.