If you add an additional identity source to vCenter SSO, such as Active Directory during vCenter Server setup, you might have noticed that you need to specify the full domain name and user id to be able to login to the vSphere Web Client.
It took me awhile to figure out where to set the default domain as I thought it would have been in the VCSA web management interface as I deployed my VCSA using an automated script. I thought I share this quick tidbit in case someone was running into a similar issue.
To specify a default domain for one of your identity sources, you will need to login to vSphere Web Client as "root" or an administrator who has access to the vCenter SSO Configurations. Click on Administration tab and then to Configuration under "Sign-On and Discovery" on the left hand side of the screen.
You should see your AD identity source at the top as well as the two default identity source provided by vCenter SSO (these can not be removed). If you want to add an identity source as a default domain, you will need to highlight your identity source and then select the CD icon with the arrow, which will add that to list of default domains at the bottom of the screen.Â
Once your domain is listed at the bottom, you will need to perform one additional step which is to actually save the configuration by clicking on the little "disk" icon. I did not realize this until I logged out and nothing changed.
Note: By default, when you add to the default domain list, you will append to the very end of the list. You have the ability to arrange the order by highlighting the domain and using the up/down arrows.
Go ahead and log out and log back in and now you only have to specify the username as the default domain will automatically be used.
Burke says
This article addresses the Appliance, but for those of you running the windows based version and wish to set the default domain as described above, you'll need to login as:
admin@system-domain
Once you've done that, you should be able to follow along 🙂
Anonymous says
Yeah, thats an important step that the WHOLE internet seems to be forgetting to leave out. kudos to you for putting it here.
Thanks
Rasmus Haslund says
Great tip! Annoying having to type in domain on every login 🙂