To enable vSphere Trust Authority, you must add a user to the vSphere TrustedAdmins group. This user becomes the Trust Authority administrator. You use the Trust Authority administrator for most vSphere Trust Authority configuration tasks.

Use a separate user from the vCenter Server administrator as your Trust Authority administrator. Having a separate user enhances the security of your environment. You must enable a Trust Authority administrator for both the Trust Authority Cluster and the Trusted Cluster.


Either create a user, or identify an existing user, to be the Trust Authority administrator.


  1. Connect to the vCenter Server of the Trust Authority Cluster by using the vSphere Client.
  2. Log in as an administrator.
  3. From the Home menu, select Administration.
  4. Under Single Sign On, click Users and Groups.
  5. Click Groups and click the TrustedAdmins group.
    If the TrustedAdmins group does not appear initially, use the Filter icon to filter for it, or navigate through the groups by clicking the right arrow at the bottom of the pane.
  6. In the Group Members area, click Add Members.
    Make sure that the local identity source is selected (vsphere.local is the default, but you might have selected a different domain during installation), and search for the member (user) you want to add to the group as the Trust Authority administrator.
  7. Select the member.
  8. Click Save.
  9. Repeat steps 1 through 8 for the vCenter Server of the Trusted Cluster.
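The same membership change can be scripted for both vCenter Server systems. This is an added example, not part of the original procedure or VMware's own code. It assumes the VMware.vSphere.SsoAdmin PowerShell module is installed. The host names and the user name are placeholders, and the check against the Administrators group is an added separation-of-duties check that covers direct membership only.

```powershell
# Added example. Assumes the VMware.vSphere.SsoAdmin module is installed.
Import-Module VMware.vSphere.SsoAdmin

# Placeholders: replace with your own systems and user.
$vCenters = 'ta-vcenter.example.com', 'trusted-vcenter.example.com'
$domain   = 'vsphere.local'   # default local identity source; change if customized
$taAdmin  = 'trustedadmin'    # user chosen as Trust Authority administrator

foreach ($vc in $vCenters) {
    # Prompt per system so no password is stored in the script.
    $cred = Get-Credential -Message "SSO administrator for $vc"
    $conn = Connect-SsoAdminServer -Server $vc -User $cred.UserName -Password $cred.Password
    try {
        $user = Get-SsoPersonUser -Name $taAdmin -Domain $domain
        if (-not $user) { throw "User ${taAdmin}@${domain} not found on $vc" }

        # Refuse to proceed if the user is also a vCenter Server administrator
        # (direct members of the Administrators group only).
        $admins = Get-SsoGroup -Name 'Administrators' -Domain $domain
        $overlap = Get-SsoPersonUser -Group $admins |
            Where-Object { $_.Name -eq $taAdmin -and $_.Domain -eq $domain }
        if ($overlap) {
            throw "${taAdmin}@${domain} is in Administrators on $vc; use a separate user"
        }

        $group = Get-SsoGroup -Name 'TrustedAdmins' -Domain $domain
        if (-not $group) { throw "TrustedAdmins group not found on $vc" }

        # Add the user only if it is not already a member.
        $member = Get-SsoPersonUser -Group $group |
            Where-Object { $_.Name -eq $taAdmin -and $_.Domain -eq $domain }
        if (-not $member) { $user | Add-UserToSsoGroup -TargetGroup $group }

        # Confirm the resulting membership before moving to the next system.
        $confirmed = Get-SsoPersonUser -Group $group |
            Where-Object { $_.Name -eq $taAdmin -and $_.Domain -eq $domain }
        if (-not $confirmed) { throw "Membership not confirmed on $vc" }
        Write-Output "${vc}: ${taAdmin}@${domain} is a member of TrustedAdmins"
    }
    finally {
        Disconnect-SsoAdminServer -Server $conn
    }
}
```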

What to do next

Continue with Enable the Trust Authority State.