The vCenter Single Sign-On Groups tab shows groups in the local domain, vsphere.local by default. You add groups if you need a container for group members (principals).

You cannot add groups to other domains, for example, the Active Directory domain, from the vCenter Single Sign-On Groups tab.

If you do not add an identity source to vCenter Single Sign-On, creating groups and adding users can help you organize the local domain.


  1. From a Web browser, connect to the vSphere Web Client or the Platform Services Controller.
    Option                        Description
    vSphere Web Client            https://vc_hostname_or_IP/vsphere-client
    Platform Services Controller  https://psc_hostname_or_IP/psc

    In an embedded deployment, the Platform Services Controller host name or IP address is the same as the vCenter Server host name or IP address.

  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@mydomain.
  3. Navigate to the vCenter Single Sign-On user configuration UI.
    Option                        Description
    vSphere Web Client            1. From the Home menu, select Administration.
                                  2. Under Single Sign-On, click Users and Groups.
    Platform Services Controller  Click Single Sign-On and click Users and Groups.
  4. Select the Groups tab and click the New Group icon.
  5. Enter a name and description for the group.
    You cannot change the group name after you create the group.
  6. Click OK.

What to do next

  • Add members to the group.