Members of a vCenter Single Sign-On group can be users or other groups from one or more identity sources. You can add new members from the vSphere Web Client.

You can add members of Microsoft Active Directory or OpenLDAP groups to a vCenter Single Sign-On group. You cannot add groups from external identity sources to a vCenter Single Sign-On group.

Groups listed on the Groups tab in the vSphere Web Client are part of the vsphere.local domain. See Groups in the vsphere.local Domain.


  1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.
    Users with vCenter Single Sign-On administrator privileges are in the Administrators group in the vsphere.local domain.
  2. Click Home, and browse to Administration > Single Sign-On > Users and Groups.
  3. Click the Groups tab and click the group (for example, Administrators).
  4. In the Group Members area, click the Add Members icon.
  5. Select the identity source that contains the member to add to the group.
  6. (Optional) Enter a search term and click Search.
  7. Select the member and click Add.
    You can simultaneously add multiple members.
  8. Click OK.