The vCenter Single Sign-On Groups tab shows groups in the local domain, vsphere.local by default. You add groups if you need a container for group members (principals).

You cannot add groups to other domains, for example, the Active Directory domain, from the vCenter Single Sign-On Groups tab.

If you do not add an identity source to vCenter Single Sign-On, creating groups and adding users can help you organize the local domain.


  1. Log in with the vSphere Client to the vCenter Server.
  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@mydomain.
  3. Navigate to the vCenter Single Sign-On user configuration UI.
    1. From the Home menu, select Administration.
    2. Under Single Sign On, click Users and Groups.
  4. Select Groups, and click Add Group.
  5. Enter a name and description for the group.
    The maximum number of characters allowed for the group name is 300. You cannot change the group name after you create the group.
  6. From the Add Members drop-down menu, select the identity source that contains the member to add to the group.
    If you have configured an external identity provider such as AD FS, the domain of that identity provider is available to select in the Add Members drop-down menu.
  7. Enter a search term.
  8. Select the member.
    You can add more than one member.
  9. Click Add.

What to do next

See Add Members to a vCenter Single Sign-On Group.