Symptoms:
Users in the Protected Users group in Active Directory cannot log in to vIDM.
Other users can log in normally.
The users are logging in using the built-in Identity Provider in vIDM.
Environment:
vIDM 3.3.7
Cause:
Members of the Protected Users group can only authenticate using Kerberos with Advanced Encryption Standard (AES) encryption.
This authentication method is not available on the built-in IDP of vIDM.
Workaround:
To enable authentication for users in the Protected Users group, you can configure a third-party IDP such as Okta, Azure AD, Ping or similar.
This way, it is possible to use both authentication methods, password-protected and Kerberos AES, for authentication.
Then update the default access policy methods to reflect the requirements.