Users listed on the Users tab in the vSphere Web Client are internal to vCenter Single Sign-On and belong to the vsphere.local domain. You add users to that domain from one of the vCenter Single Sign-On management interfaces.

About this task

You can select other domains and view information about the users in those domains, but you cannot add users to other domains from a vCenter Single Sign-On management interface.


  1. From a Web browser, connect to the vSphere Web Client or the Platform Services Controller.



    vSphere Web Client


    Platform Services Controller


    In an embedded deployment, the Platform Services Controller host name or IP address is the same as the vCenter Server host name or IP address.

  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.

    If you specified a different domain during installation, log in as administrator@mydomain.

  3. Navigate to the vCenter Single Sign-On user configuration UI.



    vSphere Web Client

    1. From the Home menu, select Administration.

    2. Under Single Sign-On, click Users and Groups.

    Platform Services Controller

    Click Single Sign-On and click Users and Groups.

  4. If vsphere.local is not the currently selected domain, select it from the dropdown menu.

    You cannot add users to other domains.

  5. On the Users tab, click the New User icon.
  6. Type a user name and password for the new user.

    You cannot change the user name after you create a user.

    The password must meet the password policy requirements for the system.

  7. (Optional) Type the first name and last name of the new user.
  8. (Optional) Enter an email address and description for the user.
  9. Click OK.


When you add a user, that user initially has no privileges to perform management operations.

What to do next

Add the user to a group in the vsphere.local domain, for example, to the group of users who can administer VMCA (CAAdmins) or to the group of users who can administer vCenter Single Sign-On (Administrators). See Add Members to a vCenter Single Sign-On Group.