7.2.1 User Management
The following are user management design considerations:
Local vCloud Director accounts have limited password policy enforcement options.
The user or organization administrator can change the user’s password only if it is a local vCloud Director account.
Organization LDAP settings must be configured by the system administrator. vCloud Director cells must have network access to LDAP servers.
Active Directory SSPI integration allows single sign-on for tenants who are already authenticated in the Active Directory domain.
A SAML 2.0 identity provider (IdP) can be configured by the organization administrator. The tenant can use its own IdP (Active Directory) without requiring network connectivity between vCloud Director cells and the IdP servers.
OAuth 2.0 authentication allows users to authenticate with a single token provided by an external identity provider. The service provider can revoke the right to configure OAuth from the organization administrator and manage it on their behalf for third-party portal integration or federation of multiple vCloud Director instances.
User management rights can be revoked from the organization administrator, which might be useful if the provider manages accounts in a centralized identity provider and does not want to allow tenants to create local accounts.