Reading Time: 2 minutes

VMware vSphere 8.0 Update 3 is the final release to support Integrated Windows Authentication (IWA) in VMware SSO as explained in the VMware KB 314324 (Removal of Integrated Windows Authentication).

Note that also all IWA related functionalities like Windows Session Authentication (SSPI) will be removed in a future ESXi release!

IWA was deprecated in vSphere 7.0 and wth vSphere 8.0 GA there was a warning message during the vCenter upgrade:

To ensure continued secure access, migrate from IWA to Active Directory over LDAPS (AD over LDAPS). Note: VMware KB 344919 describes important considerations when moving from IWA to AD over LDAPS.

Configuration is not so easy and simple like with IWA, because several parameters are needed, but is much more secure, considering that you don’t need to put anymore the VCSA in the AD as a domain member.

Otherwise, customers are encouraged to migrate to a federated Identify Provider such as Okta, Entra ID, PingFederate, or Active Directory Federation Services (AD FS).

For more information, see vSphere Authentication with vCenter Single Sign-On and Deprecation of Integrated Windows Authentication

Share