After configuring Entra ID as a valid identity source, login via "Sign in with local account" allows login bypassing Entra ID

Article ID: 422002

Products

VMware vCenter Server

Issue/Introduction

  • Entra ID has been successfully configured, and logging in with SSO succeeds.
  • In the vSphere Web Client, the "Sign in with local account" option allows a user to log in using their domain credentials.

Environment

  • vCenter 8.x

Cause

Entra ID configuration includes the option "Password Grant Enablement", which allows service accounts to continue to log in to vCenter and services. When enabled, it also allows login using the local account option, which bypasses Entra ID.

Resolution

To disable Password Grant Enablement, follow these steps to turn off the slider for that option in the Entra ID configuration.

  1. Log in to the Azure Admin console and follow the documentation
  2. Go to App > Manage > Authentication and disable the slider for App collects plaintext password (Resource Owner Password Credential Flow)
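
To confirm the change took effect, the following added example (not part of the original article or of VMware's tooling) audits exported app registrations and sign-in records for the password grant. It assumes the slider is reflected in the Microsoft Graph application property `isFallbackPublicClient` and that sign-in records carry `authenticationProtocol` as in the Graph beta signIn resource; all app names, IDs and users are constructed placeholders.

```python
import json
from collections import defaultdict

# Constructed sample data; app names, IDs and users are placeholders.
# APPS mimics Microsoft Graph application objects (e.g. from `az ad app list`).
APPS = json.loads("""[
 {"displayName": "vcenter-prod", "appId": "11111111-0000-0000-0000-000000000001", "isFallbackPublicClient": true},
 {"displayName": "vcenter-lab", "appId": "11111111-0000-0000-0000-000000000002", "isFallbackPublicClient": false},
 {"displayName": "vcenter-dr", "appId": "11111111-0000-0000-0000-000000000003", "isFallbackPublicClient": null}
]""")

# SIGNINS mimics Graph beta signIn records; "ropc" marks a password-grant login.
SIGNINS = json.loads("""[
 {"appId": "11111111-0000-0000-0000-000000000001", "userPrincipalName": "svc-backup@example.com", "authenticationProtocol": "ropc"},
 {"appId": "11111111-0000-0000-0000-000000000001", "userPrincipalName": "alice@example.com", "authenticationProtocol": "ropc"},
 {"appId": "11111111-0000-0000-0000-000000000001", "userPrincipalName": "bob@example.com", "authenticationProtocol": "oAuth2"},
 {"appId": "11111111-0000-0000-0000-000000000002", "userPrincipalName": "carol@example.com", "authenticationProtocol": "oAuth2"}
]""")


def audit(apps, signins):
    """Map appId -> finding for apps where the password grant is on or was used."""
    ropc_users = defaultdict(set)
    for s in signins:
        if str(s.get("authenticationProtocol") or "").lower() == "ropc":
            ropc_users[s.get("appId")].add(s.get("userPrincipalName") or "unknown")
    findings = {}
    for app in apps:
        # Assumption: only an explicit true means the slider is on; null/false is off.
        enabled = app.get("isFallbackPublicClient") is True
        users = sorted(ropc_users.get(app["appId"], ()))
        if enabled or users:
            findings[app["appId"]] = {
                "name": app["displayName"],
                "password_grant_enabled": enabled,
                "ropc_users": users,
            }
    return findings


if __name__ == "__main__":
    for app_id, finding in audit(APPS, SIGNINS).items():
        print(app_id, finding)
```

Interactive users appearing in `ropc_users` are the logins that went through "Sign in with local account"; service accounts listed there need another authentication method before the slider is turned off.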