The other day I was finalizing a vCAC setup I was toying with in my lab and wanted to explore the available customization options a little further.

One thing you notice immediately when you try to log in to your vCAC tenant is that you get redirected to your SSO host to perform the authentication, and the login page is quite anonymous and strongly VMware branded. I wanted to change its look to something more custom and add the Go SDDC robot logo.

I found out that one of my fellow GTS colleagues, Andrea Siviero, had already explored the branding possibilities of that page, so I decided to write a quick tutorial around his findings.


These modifications are absolutely NOT SUPPORTED by VMware. They should be harmless but may disappear at any time, and I strongly warn you against making them in a production environment.

Andrea discovered that it’s possible to brand the SSO login page per tenant by changing the vmwSTSBrandName property inside the SSO LDAP tree. Let’s see how we can modify that in our environment.

First of all, we will need an LDAP browser. I personally use JXplorer as it’s free and works on every platform but, as usual, pick your favorite.

Once it’s open, you’ll need to configure JXplorer to point to the SSO LDAP directory. These are the defaults (should work for everybody):

Host: <SSO hostname or ip>
Port: 11711
Protocol: LDAP v3
Base DN: dc=vsphere,dc=local
Security Level: User + Password
User DN: cn=Administrator,cn=Users,dc=vsphere,dc=local
Password: <SSO Administrator password>

Login using JXplorer

Make sure to save your connection as a template for easy reuse.

Once you click OK you should see the SSO LDAP tree appear. Browse to Services > IdentityManager > Tenants and you’ll find your vCAC tenants (mine is called gosddc). Click on the tenant name and the right pane will show the LDAP attributes of that node, including vmwSTSBrandName, which is the one we’re interested in.

LDAP tree

Now switch to Table Editor on the top tab. Double-click the vmwSTSBrandName value to modify the branding code of the page. Once you’re done editing, click OK and then Submit to record the modification in the LDAP tree.

Editing LDAP properties

Once you have made the modification permanent, log out of your tenant and try to log in again; the new SSO page should appear. If it doesn’t, make sure you empty your browser’s cache. This is my branded tenant login page:

Branded SSO Login Page

And it’s really that simple! It’s very easy to test, as modifications are picked up immediately without the need to restart any process or service. The only thing that is probably worth repeating is that this customization is NOT SUPPORTED by VMware and should not be used in production.
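Because vmwSTSBrandName holds markup that is shown on the tenant's login page, it is worth checking what is stored there after edits like the one above. The following is an added example, not from the original post or from VMware: it parses an LDIF export of the tenant entries and flags branding values that contain scripts, event handlers, external resources or forms. The sample LDIF, the `cn=` form of the tenant DNs and the function names are constructed assumptions.

```python
import base64
import re

# Constructed sample LDIF export of two tenant entries. DNs follow the tree path
# from the post (Services > IdentityManager > Tenants); the "cn=" RDNs are assumed.
_B64 = base64.b64encode(b'<script src="http://example.invalid/a.js"></script>').decode()
SAMPLE_LDIF = (
    "dn: cn=gosddc,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local\n"
    'vmwSTSBrandName: <img src="/branding/robot.png"> Go SD\n'
    " DC Cloud\n"
    "\n"
    "dn: cn=demo,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local\n"
    "vmwSTSBrandName:: " + _B64 + "\n"
)

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; unfolds lines and decodes base64 ('::') values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues the previous line
    entries = {}
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            entries[dn] = attrs
    return entries

# Markup that does more than static branding and deserves a manual look.
CHECKS = {
    "script element": re.compile(r"<\s*script\b", re.I),
    "inline event handler": re.compile(r"\bon\w+\s*=", re.I),
    "external resource": re.compile(r"""(?:src|href|action)\s*=\s*["']?\s*(?:https?:)?//""", re.I),
    "form or frame": re.compile(r"<\s*(?:form|iframe|object|embed)\b", re.I),
}

def audit_branding(ldif_text):
    """Return {tenant DN: [check names that matched]} for entries with vmwSTSBrandName."""
    report = {}
    for dn, attrs in parse_ldif(ldif_text).items():
        for value in attrs.get("vmwstsbrandname", []):
            report[dn] = [name for name, rx in CHECKS.items() if rx.search(value)]
    return report
```

An empty list for a tenant means none of the checks matched; any other result names what to review in that tenant's branding value.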
