In the vSphere Web Client, users listed on the Users tab are internal to vCenter Single Sign On. These users are not the same as local operating system users, which are local to the operating system of the machine where Single Sign On is installed (for example, Windows).

When you add a Single Sign On user with the Single Sign On administration tool, that user is stored in the Single Sign On database, which runs on the system where Single Sign On is installed. These users are part of the domain System-Domain. Exactly one system identity source is associated with an installation of Single Sign On.

Review and understand the vCenter Single Sign On password requirements defined on the Policies tab in the Single Sign On administration tool.


Browse to Administration > Access > SSO Users and Groups in the vSphere Web Client.


On the Users tab, click the New User icon.


Type a user name and password for the new user.

You cannot change the user name after you create a user.

The password must meet the password policy requirements for the system.


(Optional) Type the first name and last name of the new user.


Type the email address for the new user.


Select the type of permissions the user is granted.

User roles are incremental. More powerful roles are supersets of weaker roles.



Guest user

(Default) Guest access users are allowed to change their own passwords. Guest users cannot browse Single Sign-On users and groups, nor can they view or edit Single Sign-On configuration options.

Regular user

Regular access users are allowed limited self-management capabilities, such as updating an email address or password. Regular users can browse Single Sign-On users and groups. They can view but not edit Single Sign-On configuration options.

Administrator user

Administrator access allows a user complete super user privileges on the Single Sign On system, including the ability to create users and groups, assign permissions, add identity sources, and modify policies (lockout and password). Upon installation, only one user (admin@System-Domain) has this role.


On the vCenter Server Appliance, local operating system administrators (for example, root) also have vCenter Single Sign-On administrator privileges.


(Optional) Enter a description of the user.


Click OK.