Site icon Virtual Maestro

Types of Identity Sources for VMware vSphere 6.x Single Sign On (SSO)

VMware vCenter Single Sign-On 5.5 and later, supports the following types of  identity sources.


  • Active Directory versions 2003 and later:
    • Single Active Directory domain can be added as an identity source including any child domains or be a forest root domain. 
    • It will be listed as Active Directory (Integrated Windows Authentication) in the vSphere Web Client.
  • Active Directory over LDAP:
    • vCenter Single Sign-On supports multiple Active Directory over LDAP identity sources. 
    • This identity source type is included for compatibility with the vCenter Single Sign-On service included with vSphere 5.1. 
    • Listed as Active Directory as an LDAP Server in the vSphere Web Client.
  • OpenLDAP versions 2.4 and later:
    • vCenter Single Sign-On supports multiple OpenLDAP identity sources. 
    • Listed as OpenLDAP in the vSphere Web Client.
  • Local operating system users:
    • Local operating system users are local to the operating system where the vCenter Single Sign-On server is running. 
    • Only one local operating system identity source is allowed. Listed as localos in the vSphere Web Client.
  • vCenter Single Sign-On system users:
    • One system identity source named vsphere.local (can be changed in vSphere 6.X) is created when you install vCenter Single Sign-On. 
    • Listed as vsphere.local in the vSphere Web Client.

At any time, only one default domain exists. If a user from a non-default domain logs in, that user must add the domain name (DOMAIN\user) to authenticate successfully.


Exit mobile version