In this use case of the Service Provider SSO, a vCloud administrator provides credentials to the UI client only once, which validates them against the SSO server. If the validation is successful, the SSO server issues a SAML token, which then can be used by the UI client to access both vCenter and vCloud Director without having to enter credentials multiple times. The logical architecture for this is shown in Figure 36.