vSphere – Adding Domain Users/Groups to vCenter

KB ID 0001063


Despite my best efforts to keep working with the VMware VI client, my recent move to a MAC has finally forced me to start using the web client. So when I rebuilt my vCenter this week, I went out of my way to use that.

Note: If you have your vCenter and Platform Services Controller (PSC) separated, the use the following article instead;

vSphere: Setup Domain Authentication via PSC


I’m assuming you have a default install of vCenter and you have also installed the SSO options (this would be the default). You should also have taken note of the administrator@vsphere.local password you entered when you installed vCenter.

1. Log into the vCenter with the vSphere Web Client, as administrator@vsphere.local

URL will be https://{IP or Hostname}:9443

Navigate to Administration > Single Sign On > Configuration > Identity Sources > Select your domain and set it as the default domain.

vCenter SSO Domain

2. Note: If your domain is not listed (you didn’t add it during the install of vCenter for example), then simply add it first.

Add domain to vSphere

3. Users and Groups > Groups > Administrators > Add > Change the domain to yours > Locate the user (or group) > Add > OK.

Add doamin group to vCenter

4. Now you need to grant rights, the simplest way is to grant rights at the vCenter level, and then those rights will cascade down to the Datacenter(s), Clusters, Hosts, and Virtual Machines.
Home > vCenter Servers > Select your vCenter > Manage > Permissions > Add.

Add domain admin to vCenter

5. Select the Administrator role > Add > Select your domain > Locate the users and groups you want to ad > Add > OK.

vCenter SSO Domain


Related Articles, References, Credits, or External Links

Add Domain Authentication To The vCenter Server Appliance

Author: Migrated

Share This Post On