Each vCenter Server is associated with a vCenter Single Sign-On domain. The domain name defaults to vsphere.local, but you can change it during deployment. The domain determines the local authentication space.

vCenter Single Sign-On Domain

When you deploy a vCenter Server appliance, you are prompted to create a vCenter Single Sign-On domain or join an existing domain.

The domain name is used by the VMware Directory Service (vmdir) for all Lightweight Directory Access Protocol (LDAP) internal structuring.

You can give your domain a unique name. To prevent authentication conflicts, use a name that is not used by OpenLDAP, Microsoft Active Directory, and other directory services.

After you specify the name of your domain, you can add users and groups. You can add an Active Directory or LDAP identity source and allow the users and groups in that identity source to authenticate. You can also add vCenter Server instances, or other VMware products, such as vRealize Operations, to the domain.