You can manage users and groups using the User Management page of the SDDC Manager client. SDDC Manager provides role-based access control.
For an overview of the User Management page, see Tour of the SDDC Manager User Interface.
Authentication to the SDDC Manager client uses the VMware vCenter® Single Sign-On authentication service that is installed with the Platform Services Controller feature during the bring-up process for your Cloud Foundation installation. This authentication service constructs an internal security domain based on the values entered during the bring-up process, and the SDDC Manager is registered in that domain. The service can authenticate users from a set of users and groups that you manually configure in the environment or it can connect to trusted external directory services such as Microsoft Active Directory. Using roles, authenticated users are given permissions to operate within SDDC Manager, according to the assignments you specify using the SDDC Manager client.
SDDC Manager uses roles, and their associated rights, to determine which users and groups can perform which operations. System administrators can assign roles to users and groups.