Members of a vCenter Single Sign-On group can be users or other groups from one or more identity sources. You can add new members from the vSphere Client.
See the VMware knowledge base article at https://kb.vmware.com/s/article/2095342 for the background information.
Groups listed on the Groups tab in the Web interface are part of the vsphere.local domain. See Groups in the vCenter Single Sign-On Domain.
Procedure
- Log in with the vSphere Client to the vCenter Server.
- Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
If you specified a different domain during installation, log in as administrator@
mydomain.
- Navigate to the vCenter Single Sign-On user configuration UI.
- From the Home menu, select Administration.
- Under Single Sign On, click Users and Groups.
- Click Groups and click the group (for example, Administrators).
- Click Edit.
- From the Domain drop-down menu, select the identity source that contains the member to add to the group.
If you have configured an external identity provider, such as AD FS, the domain of that identity provider is available to select in the
Domain drop-down menu.
- Enter a search term.
- Select the member.
You can add more than one member.
- For vSphere+ environments if you select VMware ID from the Domain drop-down menu, then enter the name of the CSP account in the Username field.
Note:
Enter the email address of the CSP account in the Username field. CSP accounts cannot be searched for in the VMwareID domain.
- Click Save.