I recently had a question about multi-factor authentication within VCF, VMware Cloud Foundation. I was able to find out the answer after sending the query to a few folks on the VCF team. It transpires that VMware have recently delivered MFA (Duo support) and external Authn/AuthZ (Oasis, SAML, OKtA, AzureAD, PING) via a joint partner solution with Entrust.
Support for VMware Cloud Foundation (VCF) and SDDC Manager appears in HyTrust CloudControl, Version 6.4. Per the CloudControl Administration Guide, when SDDC manager is added to CloudControl, the inventory of the vSphere and NSX-T resources can be viewed. Access control policies can be created to determine who is allowed access to the resources in your VCF deployment. There was also a good write-up on business wire about how HyTrust CloudControl adds centralized role-based access control and compliance hardening for VMware Cloud Foundation customers.