After you install vCenter Single Sign-On, confirm that any vCenter Server administrators in existing Active Directory (AD) domains are recognized by Single Sign-On.

If your administrators are AD users, they are migrated to Single Sign-On during a Single Sign On installation or upgrade, provided that Single Sign-On can find the AD domains. In the following circumstances, your local operating system users are not migrated to the new environment, and you will have to create new administrative users:

Single Sign-On is deployed on a different machine from vCenter Server.

Single Sign-On is deployed as a primary node in a high availability or multisite installation.

Install vCenter Single Sign-On.

Install or upgrade the vSphere Web Client to the current version.


Log in to the vSphere Web Client as the Single Sign-On administrator: admin@system-domain.


Make sure that you can access all the AD domains containing your vCenter Server administrators.


If you cannot access an AD domain, correct the problem and use the vSphere Web Client to add the AD domain.

See If Autodiscovery Fails During Single Sign-On Installation Manually Add Active Directory Domains and VMware Knowledge Base article


Assign one of the AD users as a Single Sign-On administrator.


Log out of the vSphere Web Client and log back in as the new Single Sign-On administrator user.

If you are able to connect successfully, you have configured Single Sign-On correctly.