I think managing authentication settings via Prism Central for all managed clusters would be a safe option to add. Perhaps even to inherit Prism Central's Authentication values to each Prism Central or to have a fallback method enabled at the individual cluster level. (Note: i don't mean central authentication - I mean managing the Authentication Configuration of a cluster -LDAP/LDAPS-, along perhaps with basic Role & group membership settings.)
Of course, taking this to the next level, this could be added to a "cluster configuration template" like set of settings within Prism Central:
A specific Cluster Configuration Template could contain things like:
Pulse Settings, Authentication, LCM, HTTP Proxy, SNMP, Filesystem Whitelists, VM HA (AHV), Language settings, UI settings, Alert policies, Alert Email configuration, and welcome banner pages - items that are more than likely common to an organization.
(Items such as DNS/NTP/SMTP/Certificates would be best handled locally though... too much chance of breaking things.)
Having multiple Cluster configuration templates would be the icing on the cake:
Cluster Template A - datacenter like clusters
Cluster Template B - for remote offices etc..
While I realize that ncli commands/Rest API's already exist to configure these, what would be different in this method is that the configuration values could be enforced if changed, making sure standards were followed. Not to mention help with configuration reporting...
PC Roles could be expanded in Prism Central to include "Use Cluster Template" vs. "Edit Cluster Template" etc to help separate cluster admins from cluster users.
Just some thoughts that might come in handy when managing a large number of clusters...