Each vCenter Single Sign-On identity source is associated with a domain. vCenter Single Sign-On uses the default domain to authenticate a user who logs in without a domain name. Users who belong to a domain that is not the default domain must include the domain name when they log in.
When a user logs in to a vCenter Server system from the vSphere Client, the login behavior depends on whether the user is in the domain that is set as the default identity source.
- Users who are in the default domain can log in with their user name and password.
- Users who are in a domain that has been added to vCenter Single Sign-On as an identity source but is not the default domain can log in to vCenter Server but must specify the domain in one of the following ways.
- Including a domain name prefix, for example, MYDOMAIN\user1
- Including the domain, for example, firstname.lastname@example.org
- Users who are in a domain that is not a vCenter Single Sign-On identity source cannot log in to vCenter Server. If the domain that you add to vCenter Single Sign-On is part of a domain hierarchy, Active Directory determines whether users of other domains in the hierarchy are authenticated or not.
- Log in with the vSphere Client to the vCenter Server.
- Specify the user name and password for email@example.com or another member of the vCenter Single Sign-On Administrators group.
If you specified a different domain during installation, log in as administrator@ mydomain.
- Navigate to the Configuration UI.
- From the Home menu, select Administration.
- Under Single Sign On, click Configuration.
- Under the Identity Provider tab, click Identity Sources, select an identity source, and click Set as Default.
- Click OK.
In the domain display, the default domain shows (default) in the Type column.