What's in vSphere Identity Federation

One of the two biggest ways to improve an organization’s security posture is good account management and password hygiene across every component of the IT infrastructure footprint.

As for passwords, they’re just not secure anymore. This is how we normally try to keep them under control:

• Make passwords complex.
• Check passwords against databases of compromised passwords.
• Rotate them periodically.

What happens then? We write them down. If we avoid that, passwords are still very vulnerable to keystroke loggers, malicious web sites, cameras, malware, and even other people “shoulder-surfing” and watching you type.

vSphere 7 now provides reduced risk and flexible options for MFA by allowing vCenter Servers to federate with identity providers, using standard protocols like OAuth2 and OIDC to exchange information. vSphere 7 initially supports ADFS because it represents what a large portion of our customers have and can easily use. This allows vSphere to participate in corporate identity management procedures.

Identity Federation allows us to attach vCenter Server to enterprise identity providers like Active Directory Federation Services (ADFS). This means that vCenter Server participates in the same centralized corporate processes, such as onboarding and termination, so the identity lifecycle is well taken care of. It also means that users can use the same methods to log into vCenter Server as they do for their desktops and the cloud.

Once attached to the identity provider (in this case it’s ADFS — more on that below), the vSphere Client will redirect logins to the provider’s login page. The user or admin logs in using their corporate credentials, including any multifactor authentication that is configured as part of the system. Once they’re authenticated, the identity provider redirects them back to the vSphere Client with a cryptographic token that authorizes them.
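The redirect-and-token exchange described above can be sketched as a generic OIDC relying party. This is an added example, not VMware's or the page's code: every URL, client ID and function name is hypothetical, and an HMAC key constructed for the demo stands in for the provider's signing key so the block runs on the standard library alone.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode
# Every value below is constructed for this example.
ISSUER = "https://idp.example.test/adfs"
CLIENT_ID = "vcenter-example-client"
REDIRECT_URI = "https://vcenter.example.test/callback"
DEMO_KEY = b"constructed-demo-key"  # stand-in for the provider's signing key

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def sign(signing_input):
    return b64u(hmac.new(DEMO_KEY, signing_input.encode(), hashlib.sha256).digest())

def login_redirect():
    """Client side: send the browser to the provider with fresh state and nonce."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "scope": "openid",
                       "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                       "state": state, "nonce": nonce})
    return f"{ISSUER}/authorize?{query}", state, nonce

def issue_token(nonce, now, aud=CLIENT_ID, lifetime=300):
    """Simulated provider: sign an ID token once the user has authenticated."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "aud": aud, "sub": "alice", "nonce": nonce,
              "iat": now, "exp": now + lifetime}
    body = b64u(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def validate(token, returned_state, state, nonce, now):
    """Client side: accept the login only if every check passes."""
    if not hmac.compare_digest(returned_state, state):
        return "state mismatch"      # callback does not belong to this login
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, sign(header + "." + body)):
            return "bad signature"
        claims = json.loads(b64u_decode(body))
    except ValueError:
        return "malformed token"
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        return "wrong issuer or audience"
    if claims.get("nonce") != nonce:
        return "nonce mismatch"      # token was minted for a different login
    if claims.get("exp", 0) <= now:
        return "expired"
    return "ok"
```

A client talking to a real provider would verify the signature against the provider's published keys rather than a shared secret; the state, issuer, audience, nonce and expiry checks stay the same.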

vSphere Identity Federation is going to be a great step forward for security, bringing a reduction in work for compliance audits, less process duplication in an organization, less work for vSphere Admins, and a better experience for users.
