The vCenter Single Sign-On Groups tab shows groups in the local domain, vsphere.local by default. You add groups if you need a container for group members (principals).

You cannot add groups to other domains, for example, the Active Directory domain, from the vCenter Single Sign-On Groups tab.

If you do not add an identity source to vCenter Single Sign-On, creating groups and adding users can help you organize the local domain.


  1. Log in with the vSphere Client to the vCenter Server connected to the Platform Services Controller.
  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@ mydomain.
  3. Navigate to the vCenter Single Sign-On user configuration UI.
    1. From the Home menu, select Administration.
    2. Under Single Sign On, click Users and Groups.
  4. Select Groups, and click Add Group.
  5. Enter a name and description for the group.
    You cannot change the group name after you create the group.
  6. Click Add.

What to do next

  • Add members to the group.