Deprecation of Integrated Windows Authentication
search cancel

Deprecation of Integrated Windows Authentication

book

Article ID: 314324

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

This article provides information on the deprecation of the Integrated Windows Authentication (IWA) in a future release of vSphere.

Environment

VMware vSphere 7.0.x

Resolution

Starting with vSphere 7.0, Federated Identity is supported for all authentication use cases with AD FS. While Active Directory will still be supported for authentication, it is recommended to use AD over LDAP or Identity Federation with AD FS for authentication for vCenter Server and ESXi. As such, if IWA fails to authenticate, configure the identity source as AD over LDAP.

What does Deprecation of IWA mean for 7.0?
Support for IWA continues to be available in vSphere 7.0 or later and will be phased out in a future release. Although IWA can still be configured, we highly recommend using AD over LDAP or Federated Identity (AD FS).

* Active Directory over LDAP and OpenLDAP Server Identity Source Settings https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-98B36135-CDC1-435C-8F27-5E0D0187FF7E.html

"The Active Directory over LDAP identity source is preferred over the Active Directory (Integrated Windows Authentication) option."

When will support be removed?
Support for IWA will be removed in a future release of vSphere.

What will happen when I upgrade my vCenter?
Migrating to vSphere 7.0 or later will retain IWA settings with no change in authentication functionality.

Additional Information