Each vCenter Single Sign-On identity source is associated with a domain. vCenter Single Sign-On uses the default domain to authenticate a user who logs in without a domain name. Users who belong to a domain that is not the default domain must include the domain name when they log in.

About this task

When a user logs in to a vCenter Server system from the vSphere Web Client, the login behavior depends on whether the user is in the default domain.

  • Users who are in the default domain can log in with their user name and password.

  • Users who are in a domain that has been added to vCenter Single Sign-On as an identity source but is not the default domain can log in to vCenter Server but must specify the domain in one of the following ways.

    • Including a domain name prefix, for example, MYDOMAIN\user1

    • Including the domain, for example, user1@mydomain.com

  • Users who are in a domain that is not a vCenter Single Sign-On identity source cannot log in to vCenter Server. If the domain that you add to vCenter Single Sign-On is part of a domain hierarchy, Active Directory determines whether users of other domains in the hierarchy are authenticated.
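The following added example (not VMware code) models the login rules above to show that the same bare user name maps to a different account when the default domain changes. The IdentitySource class, its alias field, resolve_login and the sample domains are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IdentitySource:
    name: str   # domain name, matched against the user@domain form
    alias: str  # short name, matched against the DOMAIN\user form (assumed field)

class LoginRejected(ValueError):
    """The login name does not map to a configured identity source."""

def resolve_login(login, sources, default_domain):
    """Return (user, domain) per the rules above; AD domain hierarchies are not modelled."""
    by_name = {s.name.lower(): s for s in sources}
    by_alias = {s.alias.lower(): s for s in sources}
    login = login.strip()
    if "\\" in login:                       # MYDOMAIN\user1
        domain, _, user = login.partition("\\")
        source = by_alias.get(domain.lower()) or by_name.get(domain.lower())
    elif "@" in login:                      # user1@mydomain.com
        user, _, domain = login.rpartition("@")
        source = by_name.get(domain.lower())
    else:                                   # bare name: the default domain applies
        user, domain = login, default_domain
        source = by_name.get(default_domain.lower())
    if not user or "\\" in user or "@" in user:
        raise LoginRejected(f"malformed login name: {login!r}")
    if source is None:
        raise LoginRejected(f"{domain!r} is not an identity source")
    return user, source.name

# Constructed sample configuration, not taken from a real system.
SOURCES = [IdentitySource("vsphere.local", "VSPHERE"),
           IdentitySource("mydomain.com", "MYDOMAIN")]
DEFAULT = "mydomain.com"

if __name__ == "__main__":
    for name in ["user1", "MYDOMAIN\\user1", "administrator@vsphere.local",
                 "user1@other.example"]:
        try:
            print(name, "->", resolve_login(name, SOURCES, DEFAULT))
        except LoginRejected as err:
            print(name, "-> rejected:", err)
```

When reviewing login records after a default-domain change, normalize each name to its (user, domain) pair first, because a bare name recorded before and after the change can refer to two different accounts.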

Procedure

  1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.

    Users with vCenter Single Sign-On administrator privileges are in the CAAdmins group.

  2. Browse to Administration > Single Sign-On > Configuration.
  3. On the Identity Sources tab, select an identity source and click the Set as Default Domain icon.

    In the domain display, the default domain shows (default) in the Domain column.