You can use the sso-config utility to add or remove an identity source.

An identity source can be a native Active Directory (Integrated Windows Authentication) domain, AD over LDAP, AD over LDAP using LDAPS (LDAP over SSL), or OpenLDAP. See Identity Sources for vCenter Server with vCenter Single Sign-On. You also use the sso-config utility to set up smart card and RSA SecurID authentication.


If you are adding an Active Directory identity source, the vCenter Server must be in the Active Directory domain. See Add a vCenter Server to an Active Directory Domain.

Enable SSH login. See Manage vCenter Server from the vCenter Server Shell.


  1. Use SSH or another remote console connection to start a session on the vCenter Server system.
  2. Log in as root.
  3. Change to the directory where the sso-config utility is located.
    cd /opt/vmware/bin
  4. Refer to the sso-config help by running -help, or see the VMware knowledge base article at for usage examples.