Starting with vSphere 7.0, Federated Identity is supported for all authentication use cases with AD FS. While Active Directory will still be supported for authentication, the recommended authentication methods for vCenter Server and ESXi are AD over LDAP or Identity Federation with AD FS. As such, if Integrated Windows Authentication (IWA) fails to authenticate, configure the identity source as AD over LDAP.
What does deprecation of IWA mean for 7.0?
Support for IWA continues to be available in vSphere 7.0 or later and will be phased out in a future release. Although IWA can still be configured, we highly recommend using AD over LDAP or Federated Identity (AD FS).
* Active Directory over LDAP and OpenLDAP Server Identity Source Settings https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-98B36135-CDC1-435C-8F27-5E0D0187FF7E.html
"The Active Directory over LDAP identity source is preferred over the Active Directory (Integrated Windows Authentication) option."
When will support be removed?
Support for IWA will be removed in a future release of vSphere.
What will happen when I upgrade my vCenter?
Migrating to vSphere 7.0 or later will retain IWA settings with no change in authentication functionality.