I had a few issues getting vCloud Director and SAML federation playing nicely. By issues, I mean there wasn’t an explicit how-to in VMware’s doco. The big issues were group-based authentication and authenticating against a user’s email address instead of their UPN. Using the following article from pablovirtualization I was able to get vCloud Director federated to an ADFS SAML endpoint. https://pablovirtualization.wordpress.com/2015/01/13/vcloud-director-and-microsoft-ad-fs-active-director-federation-service-authentication/ This allowed users to login using their UPN.