How To Configure vCAC's Embedded vCO To Allow Domain Account Login

If you’re reading this article, it may be because you have installed vCloud Automation Center (vCAC) and are interested in using an account other than administrator@vsphere.local to login to the embedded vCenter Orchestrator (vCO) server. By default, the vCO Server uses a “vcoadmins” group in the “vsphere.local” domain provided by the SSO server that vCAC was configured to use. This short tutorial will step you through a pretty basic configuration where I have just deployed a vCAC 6.x appliance and wish to use my domain account for vCO login.

NOTE: Article updated Jan 26, 2015

Prepare Active Directory

This article assumes the use of Active Directory since we are attempting to allow a Domain account to login to the vCO client. As such, we need a group for our vCO Administrators.

  • Create a vCO Administrators group (vcoadministrators for example) in Active Directory
  • Add domain accounts that you wish to allow them to login to vCO

Once an AD Group has been defined for this use, that group needs to be added to your SSO server’s vcoadmins@vsphere.local group.

Login To vSphere Web Client using your SSO admin account (by default this will be administrator@vsphere.local)

  • Click the Administration link
  • Under “Single Sign-On”, click Configuration
  • In the middle pane, click the “Identity Sources” tab and confirm your domain containing the group you created has been added. If it is not there, add it
  • Under “Single Sign-On”, click Users and Groups
  • In the middle pane, click the “Groups” tab and select the “vcoadmins” group (Note: The center column of the groups table should show that the group comes from vsphere.local)
  • In the bottom pane, click the “Add Member” icon (blue person with green + next to it)
  • In the “Add Principals” pop-up window, select your domain added earlier
  • For Users and Group, locate and select your “vcoadministrators” group created at the beginning of this article
  • Click the Add button, then click OK

Now Restart the Orchestrator Server Service


Now that you have reconfigured the group for your vCO Administrators, you must restart the vCO Server Service in order for the changes to be applied:

  1. Click the “Startup Options” tab on the left
  2. Click the “Restart service” link on the right -3. After a few moments, the “Server is restarted” message should appear on the page

Wait another two minutes or so before attempting to login using your vCO Client

Login to vCO Client Using Domain Account


As you can see above, I am now able to login to my vCAC embedded vCO Server using my domain credentials!