Starting in vSphere 7.0, vCenter Server supports federated authentication to sign in to vCenter Server.
To enable federated authentication to vCenter Server, you configure a connection to an external identity provider. The identity provider instance that you configure replaces vCenter Server as the identity provider. Currently, vCenter Server supports only Active Directory Federation Services (AD FS) as an external identity provider.
Note: VMware encourages you to use federated authentication as vSphere moves towards token-based authentication.
vCenter Server continues to have local accounts, for administrative access and error recovery.