An instance of vCenter Single Sign-On runs on the vCenter Server Appliance. By default, the vCenter Server Appliance uses the embedded Single Sign-On instance, but you can point to an external instance of vCenter Single Sign-On that is running on another system.
The external vCenter Single Sign-On instance can be on a different vCenter Server Appliance or on a Windows machine.
Before you make changes to the Single Sign-On configuration, you must stop the vCenter Server service on the Summary tab of the vCenter Server Appliance Web console.
- Log in to the VMware vCenter Server Appliance Web console.
- On the vCenter Server tab, click SSO.
- Select the deployment type external.
- Type the user name and password of a user with administrator privileges on the external instance of Single Sign-On.
This user is the Single Sign-On administrator user (typically email@example.com).
- Type the name of the user or group who will be assigned as administrator of the vCenter Server system.
The user or group must exist on the external instance of vCenter Single Sign-On.
- Type the URL of the Lookup Service for the target instance of vCenter Single Sign-On.
The format is typically https://external SSO IP or host name:7444/lookupservice/sdk, where 7444 is the default HTTPS port for vCenter Single Sign-On.
- Click the Accept Certificate check box.
- Click Test Settings.
- Click Save Settings.
The instance of vCenter Server, the Inventory Service, and the vSphere Web Client are registered with the external instances of vCenter Single Sign-On and the Lookup Service.
What to do next
Restart the vCenter Server service.