Adding AD Accounts or Groups to SSO Admins

You’ll need access to the SSO local admin account, which is admin@System-Domain. I had to get used to memorizing the name of this account, as it was weird (for me) to not include a “.local” or something at the end of the string.

Log in to the vSphere Web Client using the admin@System-Domain account, then click on the Administration field in the left side navigation bar. From there, select the “SSO Users and Groups” option, then the Groups tab, as shown below.

By using the admin@System-Domain account, you can edit the SSO user and group permissions.

For this example, I’ve decided to search for and add my own AD account to the “__Administrators__” group. Select the group and click the button with the little man with a plus sign next to his face (see picture above). Once there, I changed the Identity source to my domain (glacier.local) and searched for my name. I then clicked my account and pressed the Add button.

I’m adding my AD account to the SSO Administrators group.

AD Account With Full SSO Administrator Access

Now, when I log in using my Chris AD account, I can see all of the SSO configuration sections in the vSphere Web Client.