SRM support for two-factor authentication in ADFS and external OAuth2/Identity Providers (IDPs).
Article ID: 371776
Products
VMware Site Recovery Manager 8.x
VMware vCenter Server
VMware Live Recovery
Issue/Introduction
Unable to log in to the SRM UI with ADFS two-factor authentication
SRM does not support two-factor authentication in ADFS, but it works with [email protected]
When the vCenter username and password are entered to log in to the vSphere Client, the user is redirected to a custom authentication page where a passcode is entered, or a push is sent to a mobile device to complete the login. This works fine for vCenter logins but fails for the Site Recovery UI.
This only happens with AD accounts, but it works fine with vSphere.local accounts (as these are not redirected for the additional security check).
When the Site Recovery UI is accessed via the plugin in vCenter, the SRM UI does not accept automatic login of domain accounts when ADFS/Azure AD is configured. However, manual login works with the same account. The issue is not seen when AD over LDAP/s is configured.
VLSR does not authenticate users configured with MFA, but it works with users without MFA.
Environment
vCenter 7.x
vCenter 8.x
vCenter 9.x
VMware Site Recovery Manager 8.x
VMware Site Recovery Manager 9.x
VMware Live Recovery
Cause
The Site Recovery UI does not support ADFS/Azure AD for non-VMC environments.
Resolution
This is working as designed. Currently, SRM does not support ADFS/Azure two-factor authentication or configuring SRM with external OAuth2/Identity Providers (IDPs).
Additional Information
NOTE: Azure Multi-Factor Authentication (MFA) is a security feature that adds an extra layer of protection to your Azure account by requiring more than one verification method for sign-in. It helps prevent unauthorized access, even if your password is compromised. MFA is a core component of a strong identity and access management (IAM) policy.