Step 1:
Configure Microsoft Entra ID as the Identity Provider in the SDDC Manager UI:
3) Log in to the SDDC Manager UI as a user with the ADMIN role.
2) In the navigation pane, click Administration > Single Sign On.
3) Click Identity Provider.
4) Click Change Identity Provider and select Microsoft Entra ID.

5) Click Next.
6) In the Prerequisites panel, review and confirm the prerequisites.
7) Click Run Prechecks to ensure that the system is ready to change identity providers. If the precheck finds errors, click View Details and take steps to resolve the errors as indicated.
8) In the Directory Info panel, enter the following information.
- Directory Name: Name of the local directory to create on vCenter Server that stores the users and groups pushed from Microsoft Entra ID. For example, vcenter-entra-directory.
- Domain Name(s): Enter the domain names that contain the Microsoft Entra ID users and groups that you want to synchronize with vCenter Server.
After entering a domain name, click the Plus icon (+) to add it. If entering multiple domain names, specify the default domain.
9) Click Next.
10) In the OpenID Connect Configuration panel, enter the following information.
- Redirect URIs: Filled in automatically. Give the redirect URI to your Microsoft Entra ID administrator for use in creating the OpenID Connect application.
- Identity Provider Name: Filled in automatically as Entra.
- Client Identifier: Obtained when you created the OpenID Connect application in Microsoft Entra ID. (Microsoft Entra ID refers to Client Identifier as the Client ID.)
- Shared Secret: Obtained when you created the OpenID Connect application in Microsoft Entra ID. (Microsoft Entra ID refers to Shared Secret as the Client Secret.)
- OpenID Address: Obtained when you created the OpenID Connect application in Microsoft Entra ID. (Microsoft Entra ID refers to OpenID Address as the OpenID Connect metadata document.)
11) Click Next.
12) Review the information and click Finish.
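
Before entering the values from step 10, it helps to confirm that the OpenID Address, the metadata document it serves, and the redirect URI agree with each other. The following is an added example, not part of the original procedure or of any VMware or Microsoft tooling: the function name, the placeholder tenant ID, and the redirect URI are assumptions, and the issuer check follows OpenID Connect Discovery and assumes the address contains the tenant ID rather than a tenant alias.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINT_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def check_oidc_inputs(openid_address, metadata, redirect_uri):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    addr = urlsplit(openid_address)
    if addr.scheme != "https" or not addr.hostname:
        problems.append("OpenID Address must be an https URL")
    if addr.query or addr.fragment or not addr.path.endswith(WELL_KNOWN):
        problems.append("OpenID Address must end in " + WELL_KNOWN)
    else:
        # OpenID Connect Discovery: the issuer in the document must equal the
        # address it was fetched from, minus the well-known suffix.
        expected = f"{addr.scheme}://{addr.netloc}{addr.path[:-len(WELL_KNOWN)]}"
        if metadata.get("issuer") != expected:
            problems.append("issuer does not match the OpenID Address")
    for key in ENDPOINT_KEYS:
        value = metadata.get(key)
        if not isinstance(value, str) or urlsplit(value).scheme != "https":
            problems.append(f"metadata field '{key}' is missing or not https")
    redirect = urlsplit(redirect_uri)
    if redirect.scheme != "https" or redirect.fragment or "*" in redirect_uri:
        problems.append("redirect URI must be https, with no fragment or wildcard")
    return problems

# Constructed sample values: placeholder tenant ID and a hypothetical redirect
# URI. In practice, use the redirect URI shown in the panel and the metadata
# document downloaded from the OpenID Address.
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT}"
OPENID_ADDRESS = f"{BASE}/v2.0{WELL_KNOWN}"
REDIRECT_URI = "https://vcenter.example.test/placeholder/redirect"
METADATA = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
}

if __name__ == "__main__":
    for problem in check_oidc_inputs(OPENID_ADDRESS, METADATA, REDIRECT_URI) or ["no problems found"]:
        print(problem)
```

An issuer mismatch usually means the OpenID Address was copied from a different tenant or application than the one that issued the Client Identifier and Shared Secret.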
Step 2: