The first step toward configuring Hybrid Linked Mode from your SDDC is to add your on-premises LDAP domain as an identity source for the SDDC vCenter Server .

You can configure Hybrid Linked Mode from your SDDC if your on-premises LDAP service is provided by a native Active Directory (Integrated Windows Authentication) domain or an OpenLDAP directory service.

This step is optional when configuring Hybrid Linked Mode from the vCenter Cloud Gateway, but adding an identity source does allow you to configure users or groups with a lesser level of access than the Cloud Administrator.


If you are using OpenLDAP as the identity source, see the VMware knowledge base article at for additional requirements.


Take a look at Identity Sources for vCenter Server with vCenter Single Sign-On in the VMware vSphere Product Documentation for additional information about configuring and using identity sources and certificates.


  1. Log in to the vSphere Client for your SDDC.
    To add an identity source, you must be logged in as cloudadmin@vmc.local or another member of the Cloud Administrators group.
  2. Configure single sign-on to add an identity provider.
    Follow the steps in Add or Edit a vCenter Single Sign-On Identity Source in the VMware vSphere Product Documentation.
  3. Configure the identity source settings.
    See Active Directory over LDAP and OpenLDAP Server Identity Source Settings for detailed information about the configuration parameters.


When the identity source is added, on-premises users can authenticate to the SDDC, but have the No access role. Add permissions for a group of users to give them the Cloud Administrator role.