Configure the Account Lockout Policy for vCenter Single Sign-On

Set the maximum number of failed login attempts and the interval of time between failures for a user account in the vsphere.local domain in VMware Cloud Foundation. Also set the time that must pass before the account is automatically unlocked.
The lockout policy applies only to user accounts in the vCenter Single Sign-On built-in identity provider vsphere.local. The policy does not apply to local system accounts and administrator@vsphere.local.

Setting                                    Default Value
Maximum number of failed login attempts    5
Time interval between failures             180 seconds
Unlock time                                900 seconds

UI Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client Menu, select Administration.
  3. In the Single sign on section, click Configuration.
  4. On the Configuration page, click the Local accounts tab.
  5. In the Lockout policy section, click Edit.
  6. Enter values for the settings according to the requirements of your organization and click Save.

PowerShell Procedure

  1. Start Windows PowerShell.
  2. Replace the values in the sample code and run the commands in the PowerShell console.
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "administrator@vsphere.local"
    $sddcManagerPass = "VMw@re1!"
    $sddcDomainName = "sfo-m01"
    $maxFailures = "5"
    $failureAttemptInterval = "180"
    $unlockInterval = "900"
  3. Perform the configuration by running the command in the PowerShell console.
    Update-SsoAccountLockout -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -failures $maxFailures -failureInterval $failureAttemptInterval -unlockInterval $unlockInterval
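
The sample in step 2 keeps the administrator password as a literal in the console session and in any saved script. The following is an added example, not part of the original procedure: it runs the same Update-SsoAccountLockout call but prompts for the credential and checks the three policy values first. It assumes the module that provides Update-SsoAccountLockout is already loaded, and the `$policy` table and the validation rule (whole numbers, zero or greater) are choices made for this example.

```powershell
# Added example: same call as step 3, without a password literal in the script.
# Host name and domain are the sample values from this page; replace them.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcDomainName  = "sfo-m01"

# Policy values to apply; these are the defaults listed in the table above.
$policy = [ordered]@{
    maxFailures            = "5"
    failureAttemptInterval = "180"   # seconds
    unlockInterval         = "900"   # seconds
}

# Stop before contacting the server if any value is not a whole number >= 0.
# (Validation rule is an assumption of this example, not a documented limit.)
foreach ($name in @($policy.Keys)) {
    $parsed = 0
    if (-not [int]::TryParse([string]$policy[$name], [ref]$parsed) -or $parsed -lt 0) {
        throw "$name must be a whole number of 0 or more, got '$($policy[$name])'"
    }
}

# Prompt for the account; the password is held in memory as a SecureString.
$cred = Get-Credential -UserName "administrator@vsphere.local" -Message "SDDC Manager account"

try {
    # The command on this page takes -pass as a plain string,
    # so the password is converted only at the point of the call.
    Update-SsoAccountLockout -server $sddcManagerFqdn `
        -user $cred.UserName `
        -pass $cred.GetNetworkCredential().Password `
        -domain $sddcDomainName `
        -failures $policy.maxFailures `
        -failureInterval $policy.failureAttemptInterval `
        -unlockInterval $policy.unlockInterval
}
finally {
    # Drop the credential object from the session once the call returns or fails.
    Remove-Variable -Name cred -ErrorAction SilentlyContinue
}
```

After the command completes, the Lockout policy section on the Local accounts tab from the UI procedure shows the values that were applied.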