You can unlink a vCenter Single Sign-On (SSO) domain when you no longer want to use Hybrid Linked Mode with that on-premises server.

About this task

For example, you might want to link an on-premises data center to your SDDC in order to migrate virtual machines to the SDDC, and then unlink the on-premises data center. If you plan to decomission a linked on-premises data center, unlink it before doing so.


Unlinking an SSO domain does not remove the associated identity source or permissions that you added before linking the domain. Users can still use their on-premises credentials to authenticate to your SDDC, and retain the permissions granted to them. However, they are not able to view the on-premises inventory after unlinking the domain.

Unlinking also leaves tags and categories in place, because VMs in your cloud SDDC might still be using those tags.


Ensure that you have network connectivity between your SDDC management gateway and your SSO Domain.


  1. If you haven't already, log in to the vSphere Client for your SDDC and browse to the Linked Domains page.
    1. Select Menu > Administration to display the Administration page.
    2. Under Hybrid Cloud, select Linked Domains.
  2. Under the name of the linked domain, click Unlink.

    A dialog box appears asking you to confirm the unlinking. Note that all currently active sessions are logged out when you unlink a domain.

  3. Click OK.

    When the unlinking is complete, you are prompted to log out.

  4. Click OK to log out.


The SSO domain is unlinked. You can now log back in with your cloud or on-premises credentials and view the resources in your SDDC. If you want to continue using Hybrid Linked Mode, you can link to another SSO domain or relink to the same domain.


After you unlink the SSO domain, new connections to the cloud SDDC vSphere Client cannot view or interact with previously-linked on-premises resources. Currently active sessions in the cloud SDDC vSphere Client continue to be able to view and interact with resources in the previously linked on-premises vCenter Server instances until the users of those sessions log out of the cloud SDDC vSphere Client or the sessions expire. If necessary, log in to each of the previously-linked on-premises vCenter Server instances, and forcibly terminate these sessions.