The vCenter Single Sign-On (SSO) authenticates a user against the identity source (configured in the vCenter SSO). Identity sources define how and where to verify user credentials. vSphere supports several identity source types:

• Local SSO domain: Default SSO domain created during the installation of the PSC. This is a default identity source.
• Active directory (native): When the PSC is joined to an AD domain, it is possible to use the domain or the forest as an authentication source using Kerberos authentication.
• LDAP (active directory): Use this if you don't want to join the PSC to the AD domain, or if you are using a lightweight active directory.
• LDAP (OpenLDAP): Use this if you have an open source LDAP server (such as OpenLDAP).
• Local OS: The user defined in the SAM (for a Windows-based PSC) or the /etc/passwd and /etc/shadow file (for a Linux-based PSC).

You can define as many identity sources as you need, but only one of them can be a default identity source. When an identity source is set as the default, you do not need to include the domain name as a part of the username ([email protected]) as the domain name will be appended automatically, so all you need to do is to provide a username without a domain suffix.