Organizations are the unit of multi-tenancy within vCloud Director and represent a single logical security boundary. A vCloud Director organization maps to an end customer. Organizations can use local vCloud Director accounts or direct LDAP integration (with optional SSPI), or can integrate with SAML2 or OAuth with a compatible identity provider (VMware Identity Manager, Microsoft Active Directory Federation Services, OpenAM, and so on).

An administrative organization is typically created to provide global catalogs and possibly other shared services (licensing servers, patching repositories, and so on).

vCloud Director system administrator access can be managed by using integrated LDAP authentication or by federation with vCenter Single Sign-On service, which allows seamless management integration between vCloud Director and vSphere objects. If vCenter Single Sign-On is federated, when trying to log in, the vCloud Director system administrator is redirected to the VMware vSphere Web Client for the authentication. Therefore, proper network connectivity is required for the administrators not only to vCloud Director but also to a particular vSphere Web Client. vCenter Single Sign-On can also provide two-factor authentication¹ for provider access.