Each vCenter Single Sign-On identity source is associated with a domain. vCenter Single Sign-On uses the default domain to authenticate a user who logs in without a domain name. Users who belong to a domain that is not the default domain must include the domain name when they log in.
When a user logs in to a vCenter Server system from the vSphere Web Client, the login behavior depends on whether the user is in the domain that is set as the default identity source.
- Users who are in the default domain can log in with their user name and password.
- Users who are in a domain that has been added to vCenter Single Sign-On as an identity source but is not the default domain can log in to vCenter Server but must specify the domain in one of the following ways.
- Including a domain name prefix, for example, MYDOMAIN\user1
- Including the domain, for example, email@example.com
- Users who are in a domain that is not a vCenter Single Sign-On identity source cannot log in to vCenter Server. If the domain that you add to vCenter Single Sign-On is part of a domain hierarchy, Active Directory determines whether users of other domains in the hierarchy are authenticated or not.
- From a Web browser, connect to the vSphere Web Client or the Platform Services Controller.
Option Description vSphere Web Client https://vc_hostname_or_IP/vsphere-client Platform Services Controller https://psc_hostname_or_IP/psc
In an embedded deployment, the Platform Services Controller host name or IP address is the same as the vCenter Server host name or IP address.
- Specify the user name and password for firstname.lastname@example.org or another member of the vCenter Single Sign-On Administrators group.
If you specified a different domain during installation, log in as administrator@ mydomain.
- Navigate to the vCenter Single Sign-On configuration UI.
Option Description vSphere Web Client
- From the Home menu, select Administration.
- Under Single Sign-On, click Configuration.
Platform Services Controller Click Single Sign-On and click Configuration.
- On the Identity Sources tab, select an identity source and click the Set as Default Domain icon.
In the domain display, the default domain shows (default) in the Domain column.