What is your desired result? Do you only want a certain group of users in your domain to access the web client?
After you connect your SSO domain to your Windows AD domain, you should configure Roles and Permissions to limit access to vCenter.
Choose a role that fits what you want. (or create a new Role) (Home > Administration > Roles)
Add a new permission at the desired Cluster, or vCenter level. (permissions tab)
Assign Role to this permission.
Assign AD User or Group to this permission.