you can utilize an additional module besides PowerCLI that will help you with this:
https://github.com/vmware/PowerCLI-Example-Scripts
so first
git clone https://github.com/vmware/PowerCLI-Example-Scripts.git
Then enter the directory and import the module for SSO
C:\Users\Greg-Admin\PowerCLI-Example-Scripts\Modules\VMware.vSphere.SsoAdmin> Import-Module .\VMware.vSphere.SsoAdmin.psd1
When you have it loaded, you can now connect to SSO:
Connect-SsoAdminServer -Server vc005.greg.labs -User 'administrator@vsphere.local' -Password 'VMware1!'
Name : vc005.greg.labs
ServiceUri : https://vc005.greg.labs/sso-adminserver/sdk/vsphere.local
User : administrator@vsphere.local
Id : /SsoAdminServer=vsphere.local/administrator@vc005.greg.labs
IsConnected : True
Client : VMware.vSphere.SsoAdminClient.SsoAdminClient
RefCount : 1
Once connected, you can create the user for your SSO domain, in my example i use vsphere.local
New-SsoPersonUser -UserName 'greg12' -Password '1!SecretPassword!1' -FirstName 'Greg' -LastName 'Gregzon' | Set-SsoPersonUser -Group (Get-SsoGroup -Domain 'vsphere.local' -Name Administrators) -Add
Name : greg12
Domain : vsphere.local
Description :
FirstName : Greg
LastName : Gregzon
EmailAddress :
Locked : False
Disabled : False
PasswordExpirationRemainingDays : 90
Which creates the user and adds the user into Administrators group in vsphere.local domain.
If you want to solve this using SSH, you can do it by utilizing the command in vcenter appliance dir-cli
ssh root@vc005.greg.labs /usr/lib/vmware-vmafd/bin/dir-cli user create --account greg7 --first-name Grzegorz --last-name gregzon --user-password '1!SuperSecret1!' --password 'VMware1!'
Assuming you have your public key added in the root .ssh/authorized_keys, it should not prompt for password.