Unable to Remove Users or Groups from vCenter Server - Account/Group Reappears After Deletion

Article ID: 431925

Products

VMware vCenter Server

Issue/Introduction

In the vCenter UI, you are unable to delete specific users or groups from the Single Sign-On (SSO) configuration.

  1. Navigate to Administration > Single Sign On > Users and Groups.

  2. In the Users tab, select an external domain (e.g., Active Directory) from the Domain drop-down list.

  3. Select a user or group, click Delete, then confirm by clicking Remove.

  4. The user or group is not removed from the list, or it immediately reappears.

Environment

vCenter Server 8.x

Cause

You cannot delete local operating system users or users in another domain from a vCenter Single Sign-On management interface.

Resolution

This is expected behavior. You cannot delete users or groups that originate from an external identity source or the local operating system through the vCenter SSO management interface. vCenter Server has "Read-Only" visibility into these external directories for the purpose of assigning permissions; it does not have administrative authority to modify or delete the objects within that external source.

To remove these users or groups from the vCenter view, they must be managed at the source.

Additional Information

Delete a vCenter Single Sign-On User

Add or Edit a vCenter Single Sign-On Identity Source