Enabling Mirket MFA for vCenter Login via LDAP Proxy

This guide explains how to enforce Multi-Factor Authentication (MFA) using Mirket LDAP Proxy for users logging into VMware vCenter with Active Directory credentials.

🔧 Step 1: Configure Active Directory over LDAP in vCenter

  1. Log in to the vCenter Web UI and go to: Administration > Single Sign On > Configuration > Identity Sources

  2. Click "Add Identity Source" and select "Active Directory over LDAP".

  3. Fill in the identity source fields using values appropriate to your environment. Below is an example configuration for reference:

  • Identity Source Name: MIRKET LDAP PROXY

  • Base DN for Users: DC=mirketlab,DC=local

  • Base DN for Groups: DC=mirketlab,DC=local

  • Domain Name: mirketlab.local

  • Domain Alias: mirketlab

  • Password: AD bind password

  • Primary Server URL: ldap://dc.mirketlab.local:389 (LDAP Proxy address, not the actual domain controller)

  4. Under Connect To, select Specific domain controllers.

  5. Click Add to save the configuration.

⚠️ Important: Do not use your actual domain controller address here. The LDAP Proxy should act as the front-facing directory to intercept all login requests.
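One way to check the warning above across every identity source, as an added example that is not part of the original guide or of Mirket's tooling. The IP addresses, the hostname-to-IP map, the "LEGACY AD" source and the function name are constructed assumptions; replace them with your own inventory.

```python
from urllib.parse import urlsplit

# Constructed sample inventory (placeholder addresses, not values from the guide).
PROXY_IPS = {"10.0.0.50"}                     # Mirket LDAP Proxy Gateway
DC_IPS = {"10.0.0.10", "10.0.0.11"}           # real AD domain controllers
RESOLVED = {                                   # hostname -> IP as seen from vCenter
    "dc.mirketlab.local": "10.0.0.50",         # the proxy, despite the "dc" name
    "ad01.mirketlab.local": "10.0.0.10",
}


def audit_identity_source(name, server_urls, resolved=RESOLVED):
    """Return (severity, source-and-url, reason) findings for one identity source.

    server_urls: every LDAP URL configured on the source, in order.
    Hosts are compared by resolved IP because a name alone does not show
    whether the target is the proxy or a domain controller.
    """
    findings = []
    for url in server_urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        ip = resolved.get(host, host)  # fall back to the literal (may be an IP)
        if ip in DC_IPS:
            findings.append(("HIGH", url,
                "points at a domain controller; logins skip the proxy and MFA"))
        elif ip not in PROXY_IPS:
            findings.append(("MEDIUM", url,
                f"{ip or 'unparsed host'} is not a known proxy address"))
        if parts.scheme != "ldaps":
            findings.append(("INFO", url,
                "no TLS in URL scheme; simple-bind passwords cross the network unencrypted"))
    return [(sev, f"{name}: {u}", why) for sev, u, why in findings]


if __name__ == "__main__":
    sources = {
        "MIRKET LDAP PROXY": ["ldap://dc.mirketlab.local:389"],
        # Constructed misconfiguration: the second URL targets a real DC.
        "LEGACY AD": ["ldap://dc.mirketlab.local:389",
                      "ldap://ad01.mirketlab.local:389"],
    }
    for src, urls in sources.items():
        for sev, where, why in audit_identity_source(src, urls):
            print(f"[{sev}] {where} -> {why}")
```

Any HIGH finding means that source can authenticate users without the proxy ever seeing the request, so its MFA rules never apply to those logins.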

Once this configuration is in place:

  1. Login attempts to vCenter are sent to the Mirket LDAP Proxy (instead of AD directly).

  2. The LDAP Proxy forwards the authentication request to your real Active Directory.

  3. If the AD credentials are correct, the LDAP Proxy evaluates the user’s rule set.

  4. If MFA is required for this user (as defined in your LDAP Proxy rules), a Mirket Push Notification is sent to the user’s mobile app.

  5. The user approves the request via the Mirket app.

  6. Upon approval, the LDAP Proxy responds positively to vCenter, and the user is granted access.

✅ From the vCenter perspective, the user is authenticated via standard LDAP — but behind the scenes, Mirket enforces MFA through the proxy.

To complete this integration, make sure you have:

  • Deployed the Mirket LDAP Proxy Gateway on your network.

  • Defined appropriate LDAP Proxy rules to enforce MFA based on user/group/device conditions.

👉 You can find those steps in the following guides:
