vCenter 8.0 Entra ID Integration and SCIM 2.0 Identity Provisioning

Article ID: 438953

Products

VMware vCenter Server

Issue/Introduction

When integrating vCenter Server 8.0 with Microsoft Entra ID (formerly Azure AD), administrators must configure SCIM 2.0 to automate user and group provisioning. Without proper SCIM configuration, users may encounter "Access Denied" or "User Not Found" errors during login, as vCenter cannot locate the identity in its local database to verify permissions.

Environment

VMware vCenter Server 8.0 Update 2 and later

Microsoft Entra ID

Cause

vCenter Server 8.0 uses a "push" model for external identity providers: the identity provider provisions users and groups into vCenter through SCIM 2.0. vCenter must hold a local record of each user and group, including the immutable externalId, in order to assign and validate permissions. If the externalId (mapped from the Entra ID objectId) changes, or if the UPN is mapped or formatted incorrectly, authentication can fail.
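To make the two failure causes concrete, the following added example (not VMware code) checks constructed SCIM 2.0 User resources, in the shape Entra ID pushes them, against a stand-in for the local user table vCenter fills during the initial provisioning cycle. The table, the GUID test for externalId and the loose UPN pattern are assumptions for illustration.

```python
import re
import uuid

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
# Loose UPN shape check: exactly one '@', no whitespace, a dotted domain part.
UPN_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed stand-in for the local record vCenter keeps after the initial
# SCIM cycle: lower-cased UPN -> externalId (Entra objectId) seen at that time.
LOCAL_RECORDS = {
    "alice@contoso.example": "3f2504e0-4f89-41d3-9a0c-0305e82c3301",
}

# Constructed SCIM 2.0 User resources, as an identity provider would push them.
GOOD_USER = {
    "schemas": [SCIM_USER_SCHEMA],
    "externalId": "3f2504e0-4f89-41d3-9a0c-0305e82c3301",
    "userName": "alice@contoso.example",
    "active": True,
}
# Attribute mapping dropped the domain part of the UPN.
BAD_UPN_USER = dict(GOOD_USER, userName="alice")
# User was deleted and re-created in Entra ID, so the objectId changed.
CHANGED_ID_USER = dict(GOOD_USER, externalId="9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d")


def check_scim_user(resource: dict, local_records: dict) -> list[str]:
    """Return the reasons a pushed User would not match at login (empty list = OK)."""
    problems = []
    if SCIM_USER_SCHEMA not in resource.get("schemas", []):
        problems.append("missing core SCIM 2.0 User schema")
    ext = resource.get("externalId")
    if not ext:
        problems.append("externalId missing")
    else:
        try:
            uuid.UUID(ext)  # an Entra objectId is a GUID
        except ValueError:
            problems.append("externalId is not a GUID-shaped objectId")
    upn = resource.get("userName", "")
    if not UPN_RE.match(upn):
        problems.append(f"userName {upn!r} is not a well-formed UPN")
    stored = local_records.get(upn.lower())
    if stored and ext and stored != ext:
        problems.append("externalId differs from the record synced earlier (stale vCenter entry)")
    return problems


if __name__ == "__main__":
    for name, res in [("good", GOOD_USER), ("bad_upn", BAD_UPN_USER), ("changed_id", CHANGED_ID_USER)]:
        print(name, check_scim_user(res, LOCAL_RECORDS) or "OK")
```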

Resolution

  1. Configure SCIM 2.0 provisioning in the Microsoft Entra ID portal by following these articles:
    1. Configure vCenter Server Identity Provider Federation for Microsoft Entra ID
    2. Configuring Microsoft Entra ID for vCenter Server

  2. Verify that the SCIM provisioning status in Entra ID is "Healthy" and that the initial cycle has completed to sync the required users and groups.

Additional Information

If users encounter errors during login, see the following KBs for next steps:

Login to vCenter Server with Entra ID user fails with USER_NOT_FOUND

vCenter OIDC Federation with Microsoft Entra ID (Azure) fails with "Access Denied"