MS Entra ID SSO - Unable to log into SDDC manager but able to log into VC vSphere client

Article ID: 398469

Products

VMware SDDC Manager

Issue/Introduction

A Microsoft Entra ID identity provider (IdP) is configured as the identity source on the vCenter node(s).

  • When logged into SDDC Manager with the local admin account, an alarm is shown with the message “This VCF upgrade has Microsoft Entra Id is pre configured identity Provider at vCenter. Use remediate option to register SDDC Manager as relying party” and a “REMEDIATE” button to its right. Pressing the button appears to have no effect.

Environment

SDDC Manager - 5.2.1.2

Cause

The MS Entra ID IdP was configured on the vCenter node(s) directly rather than on SDDC Manager. SDDC Manager can only register itself as a relying party when it owns the IdP configuration, so the REMEDIATE action cannot complete while vCenter holds that configuration.

Resolution

The customer first needs to decide with their teams what level of access their Entra ID users should have.

  • If Entra ID users should have access from SDDC Manager downward (the management domain), the current Entra ID IdP configuration must be removed from the single vCenter on which it was configured (the change should sync between any linked VCSAs). Entra ID can then be configured on SDDC Manager.

  • If Entra ID users do not need access to SDDC Manager or the management domain, no change to the current configuration is required.

If the decision is to change the configuration, proceed as follows.

  • Take proper offline snapshots of the linked VCSAs.
  • Confirm that you can log into the vSphere Client with the local SSO administrator account ([email protected], or the custom SSO domain if one was set), so that removing the IdP cannot lock you out of vCenter.
  • Remove the MS Entra ID IdP configuration from the single vCenter on which it was configured (the change should sync between any linked VCSAs).
  • If, after Entra ID has been removed from the vCenter(s), SDDC Manager still reports the vCenter as configured with Entra ID, it may be necessary to reboot SDDC Manager so that it recognises that the IdP can now be configured on it.
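The second step above is the one that prevents a lockout, and it is worth scripting so it can be repeated after each change. The following is an added example and not part of the KB article or a VMware tool: it authenticates to the vSphere Automation REST API session endpoint (POST /api/session with HTTP basic authentication, present in vSphere 7.0 U2 and later) with the local SSO administrator account, then logs the session out again. The host name, account name and password are placeholders; administrator@vsphere.local is the default SSO administrator and is assumed here. The HTTP opener is injectable so the logic can be exercised offline with the stub included at the bottom.

```python
"""Pre-check: confirm the local SSO administrator can still authenticate to vCenter
before removing an identity provider. Added example; not from the KB article."""
import base64
import json
import os
import ssl
import sys
import urllib.error
import urllib.request


def build_session_request(server: str, user: str, password: str) -> urllib.request.Request:
    """POST /api/session with HTTP basic auth; on success vCenter returns a JSON string token."""
    creds = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{server}/api/session",
        method="POST",
        headers={"Authorization": f"Basic {creds}", "Accept": "application/json"},
    )


def verify_local_sso_login(server, user, password, opener=None, verify_tls=True):
    """Return (ok, detail). `opener` is a callable taking a Request and returning a
    response context manager; it is injectable so the check can run offline."""
    if opener is None:
        ctx = ssl.create_default_context()
        if not verify_tls:  # only for lab vCenters with self-signed certificates
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        opener = lambda req: urllib.request.urlopen(req, context=ctx, timeout=15)

    try:
        with opener(build_session_request(server, user, password)) as resp:
            token = json.loads(resp.read().decode())
    except urllib.error.HTTPError as e:
        if e.code in (401, 403):
            return False, f"local SSO login rejected (HTTP {e.code}); do not remove the IdP yet"
        return False, f"unexpected HTTP {e.code} from {server}"
    except (urllib.error.URLError, OSError) as e:
        return False, f"could not reach {server}: {e}"

    if not isinstance(token, str) or not token:
        return False, "session endpoint did not return a session token"

    # Log the session out again; the check only needs to prove the credentials work.
    logout = urllib.request.Request(
        f"https://{server}/api/session", method="DELETE",
        headers={"vmware-api-session-id": token},
    )
    try:
        with opener(logout):
            pass
    except (urllib.error.URLError, OSError):
        pass  # logout failure does not change the verdict
    return True, "local SSO admin login succeeded; safe to proceed with IdP removal"


def make_fake_opener(status: int, body: bytes = b'"constructed-session-token"'):
    """Constructed offline stub standing in for urllib.request.urlopen (for testing only)."""
    class _Resp:
        def read(self):
            return body
        def __enter__(self):
            return self
        def __exit__(self, *exc):
            return False

    def opener(req):
        if status >= 400:
            raise urllib.error.HTTPError(req.full_url, status, "constructed error", {}, None)
        return _Resp()
    return opener


if __name__ == "__main__":
    # Placeholders: set VC_HOST / VC_USER / VC_PASS in the environment before running.
    server = os.environ.get("VC_HOST", "vcenter.example.invalid")
    user = os.environ.get("VC_USER", "administrator@vsphere.local")  # assumed default SSO admin
    password = os.environ.get("VC_PASS", "")
    ok, detail = verify_local_sso_login(server, user, password)
    print(detail)
    sys.exit(0 if ok else 1)
```

Run it once before removing the IdP from vCenter and once afterwards; a non-zero exit means the local administrator cannot authenticate and the IdP change should not go ahead until that is fixed. Leave TLS verification on against production vCenters so the credentials are only ever sent to the intended host.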