vCenter Single Sign-On lets you add identity sources, manage default domains, configure a password policy, and edit the lockout policy.

You configure vCenter Single Sign-On from the vSphere Web Client. To configure vCenter Single Sign-On, you must have vCenter Single Sign-On administrator privileges. Having vCenter Single Sign-On administrator privileges is different from having the Administrator role on vCenter Server or ESXi. By default, only the user administrator@vsphere.local has administrator privileges on the vCenter Single Sign-On server in a new installation.