After we have created our first tenant the next step will be to integrate user authentication via Active Directory. To being doing so, we must first log in to our default tenant as our tenant administrator. Navigate to https:// FQDN of vRA Appliance/vcac/org/vsphere.local. Enter in the username and password of the tenant administrator.
Navigate to Administrator > Directories. Click Add Directory.
Enter in a name for the directory. Select Active Directory (Integrated Windows Authentication). In the Sync Connector drop down, select the vRA appliance name.
Now under the Join Domain Details section, enter the name of the domain and a username and password of a Domain Admin. For the Bind User UPN, enter in a Domain Admin account using the format email@example.com. Enter the password for that user and click Save & Next.
Select the domain. Click Next.
Here we can make changes to user attributes that will be synced in the directory. We will leave everything at the default value. Click Next.
Here, we will specify what users we want to sync with the directory. You can make this as granular as you want and you can add multiple user DNs. I want to sync the entire domain so will enter the domain DN. Click Save.
Do the same thing for the groups that you want to sync. Click Save
Now that we have what users and group we want, we can click Save and Sync and let the directory sync begin. Depending on how big your Active Directory structure is, this could take a while but once its done the initial sync, all syncs afterward will only be delta syncs. So when you add a user to a group that is already synced as a part of your vRA directory users, it will only add the new user and not have to sync the entire group. By default, directory syncs occur once a week. That setting can be changed later under Administration > Directories > Your Directory Name > Sync Settings > Sync Frequency.
This is just to let you know that they sync will work in the background as you continue to work within the console.
Once your sync is complete, you can begin by adding Active Directory users to Tenant and IaaS administrators, Fabric administrators and business groups, and custom groups.
That’s it! Now when you navigate to a tenant URL you can select your domain to sign into vRA with a domain user.