To activate single sign-on and to honor the local vCenter privileges, you must set up an authentication mechanism between the vCenter and VMware Cloud. You can either use your VMware Cloud account or federate your identity provider with VMware Cloud.

Depending on the vCenter version, set up the authentication mechanism between the vCenter and VMware Cloud.
vCenter Version Authentication Mechanism
8.0 Update 2 and later You can use one of the following authentication mechanisms:
  • If you do not use an identity provider for vCenter authentication, you can use your VMware Cloud account to directly log in to vCenter. You must add the VMware Cloud account to the VMwareID domain in the vCenter and provide the vCenter roles and access privileges to the VMware Cloud user. See Add VMware Cloud Users to the VMwareID Domain.
  • If you are using an identity provider, federate the identity provider with VMware Cloud. See Federate Your Identity Provider.
Earlier than 8.0 Update 2 If you are using any identity provider, federate the identity provider with VMware Cloud. See Federate Your Identity Provider.
Important: After you set up the authentication mechanism, you can add users and assign the necessary roles. See Manage vSphere+ Users and Roles.