Running vSphere 5.5U2 with SSO and Windows AD authentication
Here is my issue:
Some customers only needs access to a particular cluster or vApp. Ideally, instead of adding their actual AD account, I just put them in a security group that has whatever level of access they need. So I put user "A" into security group "B" and give security group "B" permissions in vCenter. I give them "Read-only" access to the vcenter server and datacenter and do not check "propagate to child....." Then I give security group "B" the appropriate rights to the cluster they need and keep propagate checked. This fails. They cannot log in
However, if I skip putting them into a security group and just use their individual AD account, it works no problem. Is there something I am missing here because its been an issue for a LONG time. Ive tried "googling" and can never find a solution.
Thanks in advance!!