How-to: Configure Prism Central Authentication with Active Directory on Nutanix AOS 5.5

This lesson shows you how to set up Prism Central authentication using Active Directory on Nutanix AOS 5.5.

Note: setting up authentication is required if you want to use the Self Service features within Prism Central.

Configuring Prism Central Authentication

To configure Prism Self Service, we need to set up domain (or LDAP) authentication. To do this, log into Prism Central as an admin user, click on the "Gear" icon in Prism Central (1), then click on "Authentication" (2).

Click on the button that says "New Directory".

Active Directory Settings

Fill out the appropriate fields, including Directory Type (1), a name for this connection (2), the fully qualified domain name (3), and the directory URL using the "ldap://ip-or-host-name" or "ldaps://ip-or-host-name" syntax (4). The default LDAP port number is 389. Nutanix also supports LDAPS (port 636) and LDAP/S Global Catalog (ports 3268 and 3269). Next, enter a service account with enough domain privileges that it can query the domain, using the "username@domain.local" syntax (5). To continue, click on the "Save" button (6).
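The field rules above, turned into a pre-flight check, as an added example (not from the original tutorial or from Nutanix). The function name, host names and service account are constructed, and the preference for ldaps:// is a hardening assumption of this example:

```python
from urllib.parse import urlsplit

# Ports named in the tutorial: port -> (URL scheme that matches it, description)
KNOWN_PORTS = {
    389: ("ldap", "LDAP"),
    636: ("ldaps", "LDAPS"),
    3268: ("ldap", "Global Catalog"),
    3269: ("ldaps", "Global Catalog over TLS"),
}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def check_directory_settings(domain_fqdn, directory_url, service_account):
    """Return a list of findings for the values typed into the directory form."""
    try:
        url = urlsplit(directory_url.strip())
        scheme, host, port = url.scheme.lower(), url.hostname, url.port
    except ValueError:
        return ["error: directory URL or port is malformed"]
    if scheme not in DEFAULT_PORT or not host:
        return ["error: URL must look like ldap://host or ldaps://host"]
    findings = []
    port = port or DEFAULT_PORT[scheme]  # no explicit port: scheme default
    if port not in KNOWN_PORTS:
        findings.append(f"warn: port {port} is not 389, 636, 3268 or 3269")
    elif KNOWN_PORTS[port][0] != scheme:
        findings.append(f"error: {scheme}:// does not match port {port} "
                        f"({KNOWN_PORTS[port][1]})")
    if scheme == "ldap":
        # Assumption of this example: prefer TLS for the service-account bind.
        findings.append("warn: ldap:// does not request TLS; prefer ldaps://")
    user, sep, realm = service_account.partition("@")
    if not (user and sep and realm):
        findings.append("error: service account must be username@domain")
    elif realm.lower() != domain_fqdn.lower():
        findings.append(f"warn: account domain {realm} differs from {domain_fqdn}")
    return findings


# Constructed sample values, not taken from the tutorial's environment.
if __name__ == "__main__":
    for sample in ("ldap://dc01.corp.example:636", "ldaps://dc01.corp.example"):
        print(sample, check_directory_settings(
            "corp.example", sample, "svc-prism@corp.example"))
```

An empty list means the three values are consistent with the syntax and ports listed above; it does not prove the directory is reachable or that the account can bind.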

Authentication Configuration Complete

The domain should now be added to the configuration. If you hover over the yellow icon, it will alert you that Role Mapping needs to be set up. We will do that in the following step.

Set Up Role Mapping

Role mapping assigns cluster privileges to certain Active Directory users, groups or OUs.

To set up Role Mapping, click on the "Gear" icon and then click on "Role Mapping".

Click on the "New Mapping" button.

Select the Active Directory name from the dropdown box (1). Choose the LDAP type that you want to use: Group, User or (Domain) OU (2). Next, choose which cluster role these users will be given (3). Under the "Values" section, enter the group, user or OU that will be given permissions to the cluster (4).

In my example below, I typed in a group called "PrismSSadmins", which includes a couple of users that I would like to make cluster administrators. The users included in this group are the Domain "Administrator" user and my own user login called "dennis".

Click on the "Save" button to continue.

The role mappings are now saved successfully. Feel free to set up additional mappings if required in your environment.

Logging In as a Cluster Administrator

Since my user "dennis" was included in the above role mapping group, I’m going to log into Prism Central with that user.

Remember to use the format "username@domain" to log into Prism Central.

Now you can see that I have logged into Prism Central with my user account, which is a cluster administrator.