Users listed on the Users tab In the vSphere Web Client are internal to vCenter Single Sign-On and belong to the vsphere.local domain.

You can select other domains and view information about the users in those domains, but you cannot add users to other domains from the vCenter Single Sign-On management interface of the vSphere Web Client.


  1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.
    Users with vCenter Single Sign-On administrator privileges are in the CAAdmins group.
  2. Click Home, and browse to Administration > Single Sign-On > Users and Groups.
  3. If vsphere.local is not the currently selected domain, select it from the dropdown menu.
    You cannot add users to other domains.
  4. On the Users tab, click the New User icon.
  5. Type a user name and password for the new user.
    You cannot change the user name after you create a user.

    The password must meet the password policy requirements for the system.

  6. (Optional) Type the first name and last name of the new user.
  7. (Optional) Enter an email address and description for the user.
  8. Click OK.


When you add a user, that user initially has no permissions to perform management operations.

What to do next

Add the user to a group in the vsphere.local domain, for example, to the administrator group. See Add Members to a vCenter Single Sign-On Group.