Each identity source known to vCenter Single Sign On is associated with a domain. You can specify one or more default domains. vCenter Single Sign On uses default domains to authenticate users when a user name is provided without a domain name.

If a user name exists in more than one of the specified default domains, Single Sign On attempts to authenticate the user against each domain in the order listed. Authentication succeeds with the first domain that accepts the credentials that the user provided. By default, Single Sign On first validates the user against the local operating system identity source.


In the vSphere Web Client, browse to Administration, click Sign-on and Discovery, and then click Configuration.


On the Identity Sources tab, select a domain and click Add to Default Domains.


Click the Save icon.

The domain is added to the list of default domains.


(Optional) To change the order of the default domains, use the Move Up and Move Down arrows and click Save.


To remove a domain from the list, select the domain and click Remove.


Click the Save icon.

The domain is removed from the Default Domains list, but it remains in the list of identity sources.