The vCenter APIs used to list or report information on users and groups are not supported by federated identity sources. These APIs include, but are not limited to, GroupChecker and PrincipalDiscovery.

For example, this means that the powershell cmdlet Get-VIAccount cannot function with federated identity sources in VCF 9.0.

vCenter 9.0 with a federated identity source.

This configuration was typically used to support legacy user/group enumeration via PowerCLI or API calls. This is no longer supported.  

Instead of calling vCenter APIs to obtain user and group information from the federation provider, call the federation provider directly.

ADFS

• Use the Microsoft Active Directory module for PowerShell.  This includes commandlets such as Get-User and Get-ADGroup.  For more information, see https://learn.microsoft.com/en-us/powershell/module/activedirectory/?view=windowsserver2025-ps.

Okta

• Use Okta's PowerShell Module.  For more information, see https://developer.okta.com/blog/2024/05/07/okta-powershell-module 

Azure EntraID

• Use the Microsoft Entra PowerShell PowerShell module.  For more information, see https://learn.microsoft.com/en-us/powershell/entra-powershell/?view=entra-powershell.

For more information, see the documentation for your federation provider.