To give access to single sign-on for Windows Active Directory users the Platform service controller (PSC) can be added to AD and an identity source can be added.
To join the PSC to an AD domain. Logon to the vCSA and go to Administration
Once in administration go to Deployment > System Configuration > then select the nodes since I am using an embedded PSC and vCenter there is only one Node. 
Enter Domain details and username password.
After the domain join has completed a reboot will be required to complete the domain join.
The domain should now show and the Join tab will be grayed out. 
To add permission for the new domain user go to Administration > Single Sign-on and add the domain as an Identity Sources
Once click add identity source go to AD windows authentication
The domain name should be already populated and I used the machine account. 
Once completed the identity source should show. 
To add a group to the global permissions go to Administration > Access Control > Global permissions > Manage.
Select the domain and account to add. 
Select role to assign. 
The group or user should know show in the Global Permissions. 
TheSleepyAdmins 