If you find your vCenter can’t edit SSO because the options are all greyed out, how to fix this issue? This article showed you the solution and the steps to properly edit a vCenter Single Sign-On user.
Hi, I just wanted to change the credentials for one of my Identity Sources. I'm logged in with Administrator@vsphere.local. Unfortunately, everything is greyed out. Also all icons within "Users and Groups" are greyed out. I'm therefore not able to change anything ...
- Question from communities.vmware.com
Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or in some configurations seamlessly sign on at each system.
With vCenter Single Sign-On (SSO), you can access everything you need through the virtual infrastructure with a single username and password, which makes the authentication process simpler and faster. To start with this feature, you need to add and manage vCenter Single Sign-On Administrator users and groups.
However, sometimes you may find that the Edit option is greyed out so you can’t edit, add or delete a vCenter Single Sign-On user. So, how to fix administrator vCenter can't edit SSO greyed out? This article will present you a solution summarized from other users who have also experienced it, and present you how to properly edit a vCenter Single Sign-On user.
In general, if you find that your edit vCenter roles option greyed out, and you can't add a privilege to a role, it may because you are not logging on as administrator@vsphere.local or the browser have some compatibility issue.
You can fix this by logging on as administrator@vsphere.local or try other browsers or the Flash Client.
However, if you are already logged in as administrator and find that all icons in Users and Groups tab are grayed out and the Administrators group is missing from SSO, but you still cannot create any administrator groups.
In this case, you may need to uninstall and reinstall the SSO components, and then repointing the inventory service and vCenter server.
The steps to re-registering the vCenter Inventory Service to embedded SSO:
1. Log in to the vCenter Server Appliance via SSH using the Root account.
2. Change into the register-hooks directory on the appliance using this command:
cd /etc/vmware-sso/register-hooks.d
3. Run this command from this directory, filling in the appropriate FQDN of the appliance as well as the administrator@vsphere.local password:
./02-inventoryservice --mode install --ls-server https://:7444/lookupservice/sdk --user administrator@vsphere.local --password
4. If successful, this must generate an output similar to and the Inventory Service must now be functional in the vSphere Web Client:
======
Intializing registration provider...
Getting SSL certificates for :7444/lookupservice/sdk
Anonymous execution
Successfully saved SSO locations and certificates
Return code is: Success
Creating SSO principal for vCenter Server
Intializing registration provider...
Getting SSL certificates for :7444/lookupservice/sdk
Solution user with id: {Name: inventory-service-3b48d115-4cbc-4504-9c45-2ebf2c6b08c4, Domain: vsphere.local} successfully registered
Successfully assigned role "RegularUser" to user "{Name: inventory-service-3b48d115-4cbc-4504-9c45-2ebf2c6b08c4, Domain: vsphere.local}"
Return code is: Success
Registering vCenter Server into the service catalog
Intializing registration provider...
Getting SSL certificates for :7444/lookupservice/sdk
Service with name 'inventory-service-3b48d115-4cbc-4504-9c45-2ebf2c6b08c4' was registered with ID: 'local:c89635d7-3285-48b1-9e5e-1d80f5d2f81a'
Appending serviceId to file
Return code is: Success
Updating vCenter Server configuration
======
For more details you can refer to the official document: Re-pointing and re-registering VMware vCenter Server Appliance 5.5.x and components
1. Access the vSphere Client to the vCenter Server, and specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
Note: If you specified a different domain during installation, log in as administrator@ . mydomain
2. Navigate to Home > Administration, and click Users and Groups under Single Sign-On from the left inventory.
3. Click Users tab on the vCenter Single Sign-On user configuration UI.
4. Click on Actions button and select Edit User from the dropping menu.
5. Edit the user attributes according to your needs.
Note: You cannot change the user name of the user. And the password must meet the password policy requirements for the system.
6. Click OK to save the change.
vCenter Server is a very convenient official platform for centrally managing ESXi virtual environments and large numbers of VMs on it. A single vCenter Server instance can support a maximum of 1,000 hosts, 10,000 powered-on virtual machines and 15,000 registered virtual machines.
However, vCenter Server does not provide the feature of virtual machine backup. And that makes backup software a commonly accepted choice. Here I introduce you to a VMware backup software AOMEI Cyber Backup, it enables you to backup multiple VMs either managed by vCenter Server, or on a standalone ESXi host.
✦ Agentless Backup: create complete and independent image-level backup for VMware ESXi and Hyper-V VMs. ✦ Batch VM Backup: batch backup large numbers of VMs managed by vCenter Server, or multiple VMs on a standalone ESXi host. ✦ Multiple Storage Destinations: backup to local drive, or network destinations like Windows share or NAS. ✦ Automated Execution: create backup schedules to automate backups daily, weekly, monthly.
Next, I will show you how to backup multiple VMware ESXi VMs via AOMEI Cyber Backup. You can click the following button to download the 30-day free trial.
*You can choose to install this VM backup software on either Windows or Linux system.
1. Bind Devices: Access to AOMEI Cyber Backup web client, navigate to Source Device > VMware > + Add VMware Device to Add vCenter or Standalone ESXi host. And then click … > Bind Device.
2. Create Backup Task: Navigate to Backup Task > + Create New Task, and then set Task Name, Backup Type, Device, Target, Schedule, and Cleanup.
3. Run Backup: Click Start Backup and select Add the schedule and start backup now, or Add the schedule only.
Created backup tasks will be listed and monitored separately, for restoring, progress checking and schedule changing.
When restoring, you can also restore to new location to create a new VM in the same or another datastore/host directly from the backup, saving the trouble of re-configuring the new VM.
vCenter Single Sign-On (SSO) is a feature that effectively makes the authentication process simpler and faster. Configuring vCenter Single Sign-On is only possible through the vSphere web client. However, sometimes you may find that the Edit option is grayed out to prevent you from editing the user.
This article summarized a solution to deal with the administrator vCenter can’t edit SSO greyed out situation, and showed you the steps to properly edit a vCenter Single Sign-On user. In addition, to avoid accidental loss, you may need to perform vCenter backup regularly.