Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-243079 | VCTR-67-000009 | SV-243079r719480_rule | Medium |
Description |
---|
The vCenter Server must ensure users are authenticated with an individual authenticator prior to using a group authenticator. Using Active Directory for authentication provides more robust account management capabilities. |
STIG | Date |
---|---|
VMware vSphere 6.7 vCenter Security Technical Implementation Guide | 2022-01-04 |
Check Text ( C-46354r719478_chk ) |
---|
From the vSphere Web Client, go to Administration >> Single Sign-On >> Configuration. Click the "Identity Sources" tab. If there is no identity source of type "Active Directory" (either Windows Integrated Authentication or LDAP), this is a finding. |
Fix Text (F-46311r719479_fix) |
---|
From the vSphere Web Client go to Administration >> Single Sign-On >> Configuration. Click the "Add identity source". Select either "Active Directory over LDAP" or "Active Directory (Windows Integrated Authentication)" and configure appropriately. Note: Windows Integrated Authentication requires that the vCenter server be joined to AD before configuration via Administration >> Single Sign-On >> Configuration >> Active Directory Domain. |