
The vCenter Server must implement Active Directory authentication.


Overview

Finding ID: V-243079
Version: VCTR-67-000009
Rule ID: SV-243079r719480_rule
IA Controls:
Severity: Medium
Description
The vCenter Server must ensure users are authenticated with an individual authenticator prior to using a group authenticator. Using Active Directory for authentication provides more robust account management capabilities.
STIG: VMware vSphere 6.7 vCenter Security Technical Implementation Guide
Date: 2022-01-04

Details

Check Text (C-46354r719478_chk)
From the vSphere Web Client, go to Administration >> Single Sign-On >> Configuration.

Click the "Identity Sources" tab.

If there is no identity source of type "Active Directory" (either Windows Integrated Authentication or LDAP), this is a finding.
Fix Text (F-46311r719479_fix)
From the vSphere Web Client, go to Administration >> Single Sign-On >> Configuration.

Click "Add identity source".

Select either "Active Directory over LDAP" or "Active Directory (Windows Integrated Authentication)" and configure appropriately.

Note: Windows Integrated Authentication requires that the vCenter server be joined to AD before configuration via Administration >> Single Sign-On >> Configuration >> Active Directory Domain.