Configure VMware Identity Sources

When a user logs in to a vSphere environment, the vCenter SSO validates the user's credentials through one of the configured identity sources.

If the user also specifies the domain name (using the domain\user or user@domain format), the authentication will match the specific identity source.

For more information on the SSO components, you can refer to Objective 1.3.

Identity sources are centralized repositories of users and groups, usually authentication domains of some type, and vSphere supports the following:

  • SSO domain: This is a default identity source, created with the configuration of the PSC.
  • AD (native): When the SSO is joined to an AD domain, it is possible to use the domain or the forest as an authentication source.
  • LDAP (AD): The users are defined on an AD domain, but you don't have to join the SSO to the AD domain.
  • LDAP (OpenLDAP): The users are defined on an open source LDAP server.
  • Local OS: The users are defined in the SAM file (for Windows-based SSO) or the /etc/passwd and /etc/shadow files (for Linux-based SSO).

Note that the SSO domain is always enabled, and is included in the available identity sources.

You can add new identity sources or remove existing ones, and you can also change the default source.
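The login-name matching described above (an explicit domain\user or user@domain selects that identity source, a bare user name falls back to the default source) as an added Python model; this is example code, not the book's or VMware's, and the domain names, the NetBIOS alias and the source list are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class IdentitySource:
    name: str            # primary domain name, e.g. "vsphere.local"
    kind: str            # "SSO", "AD", "LDAP-AD", "LDAP-OpenLDAP" or "LocalOS"
    aliases: tuple = ()  # constructed: e.g. the NetBIOS name of an AD domain


# Constructed configuration: the built-in SSO domain plus one AD domain.
SOURCES = [
    IdentitySource("vsphere.local", "SSO"),
    IdentitySource("corp.example.com", "AD", aliases=("CORP",)),
]
DEFAULT_DOMAIN = "vsphere.local"  # the configured default identity source


def split_login(login):
    """Return (user, domain) for 'domain\\user', 'user@domain' or a bare 'user'.

    A bare user name yields domain=None so the caller applies the default source.
    The backslash form is checked first so 'CORP\\a@b' is read as domain CORP.
    """
    if "\\" in login:
        domain, user = login.split("\\", 1)
        return user, domain
    if "@" in login:
        user, domain = login.rsplit("@", 1)
        return user, domain
    return login, None


def resolve_source(login, sources=SOURCES, default_domain=DEFAULT_DOMAIN):
    """Pick the identity source that will validate this login.

    Returns (source_name, user); raises ValueError when the requested domain
    is not a configured identity source (the login is rejected, not retried
    against other sources).
    """
    user, domain = split_login(login)
    if not user:
        raise ValueError("empty user name")
    wanted = (domain or default_domain).lower()
    for src in sources:
        if wanted == src.name.lower() or wanted in (a.lower() for a in src.aliases):
            return src.name, user
    raise ValueError(f"no identity source configured for domain {domain!r}")
```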

Note that you must have vCenter SSO administrator privileges in order to manage the identity sources.

From the vSphere Web Client, just select the Configuration menu, located at Home | Administration | Single Sign-On. Then, select the Identity Sources tab:

Figure 1.8: SSO identity sources

To configure a new identity source, select Identity Sources and click on the plus icon (+). Then, choose the proper identity source type and enter the specific identity source settings.

For example, for AD, you will see a screen like the following:

Figure 1.9: Adding an AD domain as a new identity source

When an identity source is added, all users and groups in the new domain can be authenticated by SSO. However, in vCenter, they will have the No access role.

For more information about authentication, see the Platform Services Controller (PSC) 6.5 Administration Guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.psc.doc/GUID-B98DF9C2-FE7D-483F-9521-C17C138B59D8.html).