To allow the users and groups in your Microsoft Active Directory domain to log in to the SDDC Manager client and to the vCenter Server instances deployed in your Cloud Foundation environment with their Active Directory credentials, configure the Active Directory domain as an identity source for the authentication services.

The Platform Services Controller component provides the single sign-on capability for the vCenter Server Single Sign-On authentication service. During the environment's initial bring-up process, you enter your root domain, domain name server (DNS) subdomain, and Platform Services Controller single sign-on domain information in the configuration wizard. When you intend to use your Active Directory domain as an identity source for logging in to SDDC Manager and to the vCenter Server instances, you typically enter vsphere.local in the configuration wizard as the Platform Services Controller single sign-on domain. After the software stack is deployed, you can log in using the administrator@vsphere.local account that is generated by the bring-up process, and then configure your Active Directory domain as an identity source.

After you configure your Active Directory domain as an identity source, the users and groups in the joined Active Directory domain become available, and you can grant them permissions to log in to the Web interfaces using their Active Directory credentials: