The pre-appliance vCenter Server was a Windows-based service using native Windows facilities and the Windows user model for identification and authentication. The vCenter Server Web service is associated with the Windows user account that was logged in to the machine for vCenter Server installation. This vCenter Server administrator account was a member of the local Windows Administrator group on the machine.

VMware recommended creating a dedicated Windows user account for installing and managing the vCenter Server system. Other vCenter Server users who connect to the Web service also needed a Windows account on the local Administrator group.

More recently the vCenter Server Appliance uses the Platform Services Controller for authentication.

Important: Even if a user with the same name exists on an ESXi host and a vCenter Server system, the two users have different accounts.

For details, see the Datacenter Administration Guide in the VMware vSphere documentation set.

Organizations that are using Microsoft Active Directory can use the user identities contained in a Windows Server domain controller or Active Directory service across their virtual infrastructure. Microsoft Active Directory identities are supported for all clients that run vSphere Web Services SDK applications from Windows-based systems.

A vCenter Server client uses a SAML token to establish a single sign on session with the Server. See Establishing a Single Sign-On Session with a vCenter Server.