How to Identify All Users and Service Accounts with Access to VMware vCenter Server (VCSA)
Article ID: 414858
Updated On:
Products
Issue/Introduction
In many VMware environments, administrators need a comprehensive list of users who have access to vCenter Server. Some examples of reasons are to implement multi-factor authentication (MFA), audit permissions, or manage service accounts.
Access to vCenter can be granted through various methods:
-
API requests
-
vSphere Web Client (GUI)
-
Shell/command line
Users may include:
-
Local accounts created directly in vCenter
-
Active Directory (AD) or LDAP(S) users
-
Service accounts for integrations
While some user details are visible in the vCenter Web Client, there is no single pane of glass to view all users across identity sources in most standard deployments.
Resolution
To identify users with access to vCenter Server, follow these steps in the vSphere Web Client:
- View Local Users and Groups in the vSphere Client
Navigate to: Administration > Single Sign-On > Users and Groups
-
Users tab: Displays local accounts created within vCenter.
-
Groups tab: Often includes service accounts and AD users. Click Edit on any group to view its members.
-
- Check Identity Providers
Navigate to: Administration > Single Sign-On > Configuration > Identity Provider tab
-
This section lists external identity sources such as Active Directory or LDAP(S).
-
These sources allow users to authenticate even if they aren’t listed directly in the Users and Groups section.
-
-
Collaborate with Directory Admins
-
Request membership lists from AD or LDAP(S) administrators.
-
These lists will show which users or groups are mapped to vCenter roles and permissions.
-
Additional Information
For deeper insight into user management in vCenter, refer to Broadcom’s official documentation:
Feedback
