How-to: Configure Prism Central Authentication with Active Directory on Nutanix AOS 5.5

To configure Prism Self Service, we will need to setup domain (or ldap) authentication. To do this, log into Prism Central as an admin user, then click on the "Gear" icon in Prism Central (1), then click on "Authentication" (2).

Click on the button that says "New Directory".

Fill out the appropriate fields, including Directory Type (1), a name for this connection (2), the fully qualified domain name (3), and the directory URL using the "ldap://ip-or-host-name" or "ldaps://ip-or-host-name" syntax (4). The default LDAP port number is 389. Nutanix also supports LDAPS (port 636) and LDAP/S Global Catalog (ports 3268 and 3269). Next, enter a service account with enough domain privileges that it can query the domain, using the "username@domain.local" syntax (5). To continue, click on the "Save" button (6).

The domain should now be added to the configuration. If you hover over the yellow icon, it will alert you that Role Mapping needs setup. We will do that in the following step.

Role mapping assigns cluster privileges to certain active directory users, groups or OU’s.

To setup Role Mapping, click on the "Gear icon" and then click on "Role Mapping".

Click on the "New Mapping" button.

Select the Active Directory name from the dropdown box (1). Choose the LDAP type that you want to use. You can choose Group, User or (Domain) OU (2). Next, choose what cluster role these user(s) will be given (3). Under the "Values" section, enter the group/user/OU that will be given permissions to the cluster (4).

In my example below, I typed in a group called "PrismSSadmins" which includes a couple of users that I would like to make cluster administrators. The users included in this group is the Domain "Administrator" user and my own user login called "dennis".

Click on the "Save" button to continue.

The role mappings are now saved successfully. Feel free to setup additional mappings if required in your environment.

Since my user "dennis" was included in the above role mapping group, I’m going to log into Prism Central with that user.

Remember to use the format "username@domain" to log into Prism Central.

Now you can see that I have logged into Prism Central with my user account, which is a cluster administrator.