Configuration of Entra ID on SDDC Manager reports the lifespan of the secret token to 6 months even though the Token Lifespan is set as 12 or 18 months

Article ID: 435689

Products

VMware SDDC Manager / VCF Installer

Issue/Introduction

  • During the Identity Provider configuration using the SDDC Manager UI, the generated secret token is given a lifespan of only 6 months, regardless of the Token Lifespan selected
  • Log in to SDDC Manager UI -> Navigate to Single Sign-On -> Change Identity Provider -> Microsoft Entra ID -> Under User provisioning select the "Token Lifespan" and change to 12 or 18 months -> Regenerate

  • This issue is not seen using vCenter Server UI or VCF Operations UI (VCF 9.0)

Environment

SDDC Manager 5.x

VMware Cloud Foundation 9.x

Cause

This is caused by an incorrect parameter mapping in the SDDC Manager UI: the secret generation workflow defaults to a 180-day token lifecycle and ignores the user-specified expiration configuration.

Resolution

This is a known issue and Broadcom Engineering is working towards a permanent fix in a future release.

This issue is not seen on vCenter Server UI (8.x) or VCF Operations UI (9.x) and can be leveraged to configure the Identity Provider.

Additional Information

Refer to the below steps to generate the Secret using SDDC Manager API

  1. Log in to the SDDC Manager using admin privilege (SSO Administrator)

    1. Navigate to Developer Center -> API Explorer
    2. Under the API Categories navigate to Identity Providers
    3. Expand GET /v1/identity-providers and click EXECUTE
    4. Copy the output for "IdentityProvider (Entra)" to a text editor
    5. Copy the value for id
    6. Under the same section scroll down to POST /v1/identity-providers/{id}/sync-client
    7. Expand the same and enter the value for id captured in step 5. Under the section for syncClientTokenTTL, enter the timespan desired in minutes (365 days = 525600 minutes)
    8. Download or Copy the response

  2. Navigate to Administration -> Single Sign On -> Identity Provider
  3. Proceed with the configuration of Identity Provider
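The API steps above can be scripted so the id lookup and the minutes conversion are not done by hand. The following is an added example, not code from the article or from SDDC Manager itself. Only the two endpoints and the `syncClientTokenTTL` field come from the article; everything else is an assumption: the GET output is assumed to carry the providers under an `elements` list with `id` and `type` keys, the POST body is assumed to be a flat JSON object, the sample GET response is constructed, and the bearer-token header in `send_request` is how the script authenticates to the API. The upper bound of 548 days (roughly 18 months, the largest option the UI offers) is a guard chosen here so a typo in the minutes value cannot produce a secret that outlives anything the UI would allow.

```python
import json
import urllib.request

MINUTES_PER_DAY = 24 * 60   # 1440; the API expects the lifespan in minutes
MAX_TTL_DAYS = 548          # ~18 months, the largest Token Lifespan the UI offers (assumed ceiling)


def ttl_minutes(days: int) -> int:
    """Convert a lifespan in days to the minutes value used for syncClientTokenTTL.

    365 days -> 525600 minutes, matching the figure in the article.
    """
    if days <= 0 or days > MAX_TTL_DAYS:
        raise ValueError(f"token lifespan must be between 1 and {MAX_TTL_DAYS} days")
    return days * MINUTES_PER_DAY


def find_entra_provider_id(get_response: dict) -> str:
    """Pick the id of the Entra provider out of the GET /v1/identity-providers output.

    Assumption: providers are listed under "elements" and each has "id" and "type".
    Exactly one Entra entry is required, so an ambiguous list fails instead of guessing.
    """
    candidates = [
        e for e in get_response.get("elements", [])
        if "entra" in str(e.get("type", "")).lower()
    ]
    if len(candidates) != 1:
        raise LookupError(f"expected exactly one Entra provider, found {len(candidates)}")
    return candidates[0]["id"]


def build_sync_client_request(provider_id: str, days: int) -> dict:
    """Assemble the POST /v1/identity-providers/{id}/sync-client call.

    The body key syncClientTokenTTL is from the article; the flat JSON shape is assumed.
    """
    return {
        "method": "POST",
        "path": f"/v1/identity-providers/{provider_id}/sync-client",
        "body": {"syncClientTokenTTL": ttl_minutes(days)},
    }


def send_request(host: str, bearer_token: str, request: dict, timeout: float = 30.0) -> dict:
    """Send an assembled request to SDDC Manager and return the parsed JSON response.

    Not exercised offline. Bearer-token authentication is an assumption of this example.
    """
    req = urllib.request.Request(
        f"https://{host}{request['path']}",
        data=json.dumps(request["body"]).encode(),
        method=request["method"],
        headers={
            "Authorization": f"Bearer {bearer_token}",
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample of a GET /v1/identity-providers response; not real SDDC Manager output.
SAMPLE_GET_RESPONSE = {
    "elements": [
        {"id": "aaaa-1111-placeholder", "type": "Embedded", "name": "vsphere.local"},
        {"id": "bbbb-2222-placeholder", "type": "Microsoft Entra ID", "name": "corp-entra"},
    ]
}


if __name__ == "__main__":
    provider_id = find_entra_provider_id(SAMPLE_GET_RESPONSE)
    request = build_sync_client_request(provider_id, days=365)
    # Prints the call that step 7 above performs in API Explorer; send_request() would submit it.
    print(json.dumps(request, indent=2))
```

Run it as-is to see the assembled call for the constructed sample; to submit it for real, call `send_request` with the SDDC Manager host, a valid API session token and the dictionary returned by `build_sync_client_request`, then continue with steps 2 and 3 above in the UI.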