In vCenter Server 5.1, users authenticate through vCenter Single Sign On.

In vCenter Server versions earlier than vCenter Server 5.1, when a user connects to vCenter Server, vCenter Server authenticates the user by validating the user against an Active Directory domain or the list of local operating system users.

Because vCenter Server now has its own vCenter Single Sign-On server, you must create Single Sign-On users to manage the Single Sign-On server. These users might be different from the users that administer vCenter Server.

The default vCenter Single Sign-On administrator user ID is admin@System-Domain. You can create Single Sign-On administrator users with the Single Sign-On administration tool in the vSphere Web Client. You can associate the following permissions with these users: Basic, Regular, and Administrator.

Users can log in to vCenter Server with the vSphere Client or the vSphere Web Client.

Using the vSphere Client, the user logs in to each vCenter Server separately. All linked vCenter Server instances are visible on the left pane of the vSphere Client. The vSphere Client does not show vCenter Server systems that are not linked to the vCenter Server that the user logged in to unless the user connects to those vCenter Server systems explicitly. This behavior is unchanged from vCenter Server versions earlier than version 5.1.

Using the vSphere Web Client, users authenticate to vCenter Single Sign-On, and are connected to the vSphere Web Client. Users can view all the vCenter Server instances that the user has permissions on. After users connect to vCenter Server, no further authentication is required. The actions users can perform on objects depend on the user's vCenter Server permissions on those objects.

For vCenter Server versions earlier than vCenter Server 5.1, you must explicitly register each vCenter Server system with the vSphere Web Client, using the vSphere Web Client Administration Application.

For more information about vCenter Single Sign On, see vSphere Security.