Each vCenter Single Sign-On identity source is associated with a domain. vCenter Single Sign-On uses the default domain to authenticate a user who logs in without a domain name. Users who belong to a domain that is not the default domain must include the domain name when they log in.

When a user logs in to a vCenter Server system from the vSphere Web Client, the login behavior depends on whether the user is in the domain that is set as the default identity source.

  • Users who are in the default domain can log in with their user name and password.
  • Users who are in a domain that has been added to vCenter Single Sign-On as an identity source but is not the default domain can log in to vCenter Server but must specify the domain in one of the following ways.
    • Including a domain name prefix, for example, MYDOMAIN\user1
    • Including the domain, for example, [email protected]
  • Users who are in a domain that is not a vCenter Single Sign-On identity source cannot log in to vCenter Server. If the domain that you add to vCenter Single Sign-On is part of a domain hierarchy, Active Directory determines whether users of other domains in the hierarchy are authenticated or not.


  1. From a Web browser, connect to the vSphere Web Client or the Platform Services Controller.
    Option Description
    vSphere Web Client https://vc_hostname_or_IP/vsphere-client
    Platform Services Controller https://psc_hostname_or_IP/psc

    In an embedded deployment, the Platform Services Controller host name or IP address is the same as the vCenter Server host name or IP address.

  2. Specify the user name and password for [email protected] or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@ mydomain.
  3. Navigate to the vCenter Single Sign-On configuration UI.
    Option Description
    vSphere Web Client
    1. From the Home menu, select Administration.
    2. Under Single Sign-On, click Configuration.
    Platform Services Controller Click Single Sign-On and click Configuration.
  4. On the Identity Sources tab, select an identity source and click the Set as Default Domain icon.
    In the domain display, the default domain shows (default) in the Domain column.