VMware vCenter Single Sign-On 5.5 and later supports the following types of identity sources:
- Active Directory versions 2003 and later:
  - A single Active Directory domain can be added as an identity source. The domain can include child domains or be a forest root domain.
  - Listed as Active Directory (Integrated Windows Authentication) in the vSphere Web Client.
- Active Directory over LDAP:
  - vCenter Single Sign-On supports multiple Active Directory over LDAP identity sources.
  - This identity source type is included for compatibility with the vCenter Single Sign-On service included with vSphere 5.1.
  - Listed as Active Directory as an LDAP Server in the vSphere Web Client.
- OpenLDAP versions 2.4 and later:
  - vCenter Single Sign-On supports multiple OpenLDAP identity sources.
  - Listed as OpenLDAP in the vSphere Web Client.
- Local operating system users:
  - Local operating system users are local to the operating system where the vCenter Single Sign-On server is running.
  - Only one local operating system identity source is allowed.
  - Listed as localos in the vSphere Web Client.
- vCenter Single Sign-On system users:
  - One system identity source named vsphere.local (can be changed in vSphere 6.X) is created when you install vCenter Single Sign-On.
  - Listed as vsphere.local in the vSphere Web Client.

At any time, only one default domain exists. If a user from a non-default domain logs in, that user must add the domain name (DOMAIN\user) to authenticate successfully.