If you have upgraded your virtual infrastructure to vSphere 5.1 or 5.5, you are already aware of the addition of Single Sign On (SSO). When you install Single Sign On, a default user, Admin@System-Domain, is created with the password you assign during the vCenter Single Sign On installation. Initially, Admin@System-Domain is the only user with access to manage the Single Sign On portion of your vSphere environment.
As a good practice, and to be able to track who is responsible for a particular change in your SSO, you might want to grant your vSphere administration team's domain accounts administrator privileges on vCenter Single Sign On. While this is an easy task, the way it must be done seems to confuse many admins who are new to vCenter SSO. The steps are as follows:
1. Browse to your vSphere Web Client portal (https://<Your vCenter Machine>:9443). (Note: SSO can only be managed using the Web Client.)
2. Browse to Administration > Access > SSO Users and Groups in the vSphere Web Client.
3. Click on the Groups tab.
4. Click on the desired group (_Administrators_).
5. Click Add Principals (the icon of a person with a plus sign next to it, highlighted in the above screenshot).
6. Select the identity source that contains the principal to add to the group (probably your domain).
7. Search for the desired user.
8. Select the desired user and click Add.
9. Repeat steps 6-8 to add the rest of the desired users.