Cloud Account Creation to vSphere environment using OKTA MFA Authentication Is Failing
Article ID: 421544

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

When attempting to create a vSphere Cloud Account in VMware Aria Automation for a vCenter Server environment configured with Okta as a federated identity provider (IDP), the validation fails.

The provisioning-service-app.log will show the following error when creating the cloud account: 'Failed to validate credentials. Error: Failed to connect to vCenter Error: Cannot login due to incorrect user name or password'.

This issue is present even when a service account is configured in vCenter for MFA bypass and the user can successfully log into the vCenter web user interface with the Okta-federated account.

Environment

Aria Automation 8.x

vSphere 7.x/8.x

Cause

VMware Aria Automation does not support using an Okta-federated domain user account to create a vSphere Cloud Account.

While vCenter Server supports IDP federation for UI-based logins, the API authentication methods used by VMware Aria Automation for Cloud Account validation and subsequent enumeration do not support this configuration.

Resolution

You must use a local vSphere account (e.g., a vsphere.local service account) or a traditional service account that is not integrated with the Okta federated IDP for creating the vSphere Cloud Account in VMware Aria Automation.

1. Use a vSphere local account (e.g., an account created through the vCenter web UI under the vsphere.local domain) to configure the Cloud Account.

2. Ensure this account does not rely on any SSO, MFA, or AD domain integration or configuration.

3. The local service account will connect successfully because vCenter authenticates it locally rather than through the federated IDP.
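The following pre-flight check is an added example, not Broadcom's own tooling. It applies the resolution above: it refuses accounts whose UPN domain is in an assumed list of Okta-federated domains, then attempts the same kind of username/password API login that the cloud account validation depends on, against the vSphere Automation REST API session endpoint (POST /api/session with HTTP Basic authentication). The host name, federated domain list and credentials are placeholders.

```python
"""Pre-flight check for vSphere Cloud Account credentials (added example).

Aria Automation validates a cloud account with a username/password API login,
so an Okta-federated account that works in the vCenter web UI still fails.
This script rejects federated users up front and then tries a password login
against the vSphere REST API session endpoint the same way an API client would.
"""
import base64
import json
import urllib.request


def is_federated_account(user, federated_domains):
    """True if the account's domain is in the (assumed) Okta-federated list.

    Accepts both user@domain and DOMAIN\\user forms; a bare user name and
    vsphere.local accounts are treated as local."""
    u = user.strip().lower()
    if "@" in u:
        domain = u.rsplit("@", 1)[1]
    elif "\\" in u:
        domain = u.split("\\", 1)[0]
    else:
        return False
    return domain in {d.lower() for d in federated_domains}


def api_session_login(host, user, password, urlopen=urllib.request.urlopen):
    """Open a vSphere REST API session with Basic auth; returns the session ID.

    `urlopen` is injectable so the check can be exercised offline. A wrong
    user name or password surfaces as urllib.error.HTTPError (HTTP 401), the
    API-side counterpart of the 'Cannot login' error in provisioning-service-app.log.
    The vCenter certificate must be trusted by the host running this script."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(f"https://{host}/api/session", method="POST",
                                 headers={"Authorization": f"Basic {token}"})
    with urlopen(req, timeout=15) as resp:
        return json.loads(resp.read())  # vCenter returns the session ID as a JSON string


def preflight(host, user, password, federated_domains, urlopen=urllib.request.urlopen):
    """Combine both checks; returns a short verdict string."""
    if is_federated_account(user, federated_domains):
        return "skip: federated account, use a vsphere.local service account instead"
    api_session_login(host, user, password, urlopen)
    return "ok: API login succeeded, account is usable for the cloud account"


if __name__ == "__main__":
    # Placeholder values; replace with your vCenter, federated domain(s) and service account.
    print(preflight("vcenter.example.test", "svc-aria@vsphere.local", "CHANGEME", {"corp.example"}))
```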

Additional Information

• This limitation primarily affects accessing vCenter using the domain user account via API (i.e., vRA cloud account integration), even though the same account may work for web UI login.
• The vSphere Cloud Account and enumeration should work correctly when using a local service account.
• Refer to the product documentation for the correct process for creating a vCenter Cloud Account using a supported service account.

Create a basic vCenter cloud account in VMware Aria Automation
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-automation/8-18/assembler-on-prem-using-and-managing-master-map-8-18/maphead-set-up-organization/maphead-what-are-cloud-accounts/create-a-vcenter-cloud-account.html 

Add a vSphere cloud account
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-automation/8-18/vro-using-plug-ins-8-18/configuring-the-vra-plug-in/vra-plug-in-infrastructure-workflows/add-a-vsphere-cloud-account.html 

Adding cloud accounts to Automation Assembler
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-automation/8-18/assembler-on-prem-using-and-managing-master-map-8-18/maphead-set-up-organization/maphead-what-are-cloud-accounts.html