vSphere users are defined in an identity source. You can edit the details of an identity source that is associated with vCenter Single Sign On.


Browse to Administration > Sign-on and Discovery > Configuration in the vSphere Web Client.


Click the Identity Sources tab.


Right-click the identity source in the table and select Edit Identity Source.


Edit the identity source settings.




The name of the identity source

Primary server URL

For Open LDAP and Active Directory, use the format ldap://hostname:port or ldaps://hostname:port

A certificate that establishes trust for the LDAPS endpoint of the Active Directory server is required when you use ldaps:// in the primary or secondary LDAP URL.

For OpenLDAP and Active Directory, the port is typically 389 for ldap: connections and 636 for ldaps: connections.

For Active Directory multi-domain controller deployments, the port is typically 3268 for ldap: connections and 3269 for ldaps: connections.

Secondary server URL

(Optional) Address of a secondary LDAP server used for failover.

Base DN for users

The base Distinguished Name for users.

Domain name

The domain's DNS name.

Domain alias

(Optional) The domain's NetBIOS name.

Base DN for groups

The base Distinguished Name for groups.

Authentication type

Anonymous: The identity source server uses no authentication.

Password: The identity source server uses a combination of user name and password for authentication.

Reuse Session: The Single Sign On server reuses the process session credentials to authenticate against the external server.

This type of authentication is supported only if the identity source is an Active Directory server and the Single Sign On server runs as a user that has been authenticated against the same Windows domain to which the Active Directory server belongs.

User name

The ID of an Active Directory user with a minimum of read-only access to Base DN for users and groups.


The password of the Active Directory user with a minimum of read-only access to Base DN for users and groups.


When you use the authentication type Password for an identity source, you must update the identity source details whenever the password changes for the configured user. You update the password on the Edit Identity Source dialog box.


Click Test Connection to ensure that you can connect to the identity source.


Click OK.