vCenter Server accepts several authentication methods. The authentication method that you choose depends on whether you choose token authentication, and on the state of the vCenter Server instance.

During normal operation, vCenter Server enables you to authenticate with vCenter Single Sign-On credentials. You have the option to use either token authentication or user name and password authentication. The user name and password must be recognized within the vCenter Single Sign-On domain.

However, during the process of restoring vCenter Server from a backup image, you must use a different authentication protocol. For more information, see Restoring vCenter Server.

By default, vCenter Server acts as the identity provider for your vSphere environment. Starting with vSphere 7.0, you can replace vCenter Server as the default authentication authority with an external identity provider. You can federate vCenter Server to Active Directory Federation Services (AD FS) with the help of the vSphere Automation API.