Error: "Invalid access policy" when logging in with VMware Single Sign-On

Article ID: 435836

Products

VMware Aria Operations (formerly vRealize Operations) 8.x

VCF Operations

Issue/Introduction

  • VMware Single Sign-On has been enabled as an authentication source for Aria Operations for Logs
  • You have configured the endpoint of this authentication source to be your vCenter server, with the intent to log into Aria Operations for Logs using vsphere.local user accounts
  • Clicking "Sign in with SSO" from the login page of Aria Operations for Logs results in the following error message: "invalid access policy"

Environment

Aria Operations for Logs 8.18.x

VCF Operations for Logs 9.0.x

Cause

Using the vCenter server as an authentication provider for vsphere.local is not a tested or supported use case.

Resolution

Per Configuring VMware Single Sign-On:

  • Ensure that the External Identity Provider is configured in the vCenter Server. The currently supported External Identity Providers for VMware SSO are Okta, Microsoft Entra ID (formerly called Azure AD), and PingFederate. For more information on configuring the vCenter Server Identity Provider, see Configuring vCenter Server Identity Provider Federation.