You can use vCenter Single Sign-On, Active Directory Federation Services (AD FS), or Okta as the identity provider for VMware Cloud Foundation.
By default, VMware Cloud Foundation uses vCenter Single Sign-On as its identity provider and the system domain (for example, vsphere.local) as its identity source. You can add Active Directory over LDAP and OpenLDAP as identity sources for vCenter Single Sign-On. See Add Active Directory over LDAP or OpenLDAP as an Identity Source for VMware Cloud Foundation.
You can also configure VMware Cloud Foundation to use Active Directory Federation Services (AD FS) or Okta as an external identity provider, instead of using vCenter Single Sign-On. See Configure AD FS as the Identity Provider in the SDDC Manager UI and Configure Okta as the Identity Provider in the SDDC Manager UI.