• When selecting "Sign in with SSO" in VMware Aria Operations for Logs, the authentication request redirects to a Workspace ONE Access (vIDM) URL (e.g., https://[vCenter-FQDN]/federation/lt/CUSTOMER/auth/login).
• The login fails with the error: "Workspace ONE Access encountered an error. Message: Invalid access policy."
• Workspace ONE authentication is disabled in the Aria Operations for Logs UI.
• The vidm authentication method has been manually removed from /storage/core/loginsight/config/loginsight-config.xml, but the redirect persists.

VMware Aria Operations for Logs 8.18.x

This behavior occurs because Aria Operations for Logs redirects based on the Identity Provider (IdP) configuration detected in the connected vCenter Server. Even if vIDM is disabled in the Logs interface, if vCenter is configured with an external federation or a specific IdP that points to Workspace ONE, the authentication flow follows that path. 

VMware SSO will work with Aria Operations for Logs only if a compatible provider is correctly configured on the vCenter side.

1. Log in to the vCenter Server as a user with Administrator privileges.
2. Navigate to Administration > Single Sign-On > Configuration.
3. Select the Identity Provider tab.
4. Verify if a third-party Identity Provider (such as Okta, Azure AD, or Workspace ONE) is set as the default or active provider.
5. In Aria Operations for Logs, ensure the vCenter integration is refreshed after making changes to vCenter's SSO configuration:
   • Navigate to Administration > Integration > vSphere.
   • Re-authenticate the connection to sync the latest SSO metadata.