You can use vCenter Single Sign-On or Active Directory Federation Services (AD FS) as the identity provider for VMware Cloud Foundation.
By default, VMware Cloud Foundation uses vCenter Single Sign-On as its identity provider and the system domain (for example, vsphere.local) as its identity source. You can add Active Directory over LDAP and OpenLDAP as identity sources for vCenter Single Sign-On. See Add Active Directory over LDAP or OpenLDAP as an Identity Source for VMware Cloud Foundation.
You can also configure VMware Cloud Foundation to use Active Directory Federation Services (AD FS) as an external identity provider, instead of using vCenter Single Sign-On. See Use AD FS as the Identity Provider for VMware Cloud Foundation.