When installing the vCenter Platform Service Controller (PSC), a default Single Sign-On (SSO) domain is created. By default, this domain is vsphere.local, but with vSphere 6.0, this domain can be defined by the user during the installation.

The vsphere.local domain becomes an identity source for SSO. Users within this identity source can be configured to administer SSO. These users can also be assigned permissions within vCenter. Each user authenticates using a password. Password lifetime, complexity, and how to handle failed login attempts are configured by the policy in SSO. These policies should be configured to maintain compliance with the security requirements of the design.