Configure the Password Expiration Policy for vCenter Single Sign-On

Define the interval of time before the password of a user account in the vsphere.local domain in VMware Cloud Foundation expires and a change is enforced.

The password expiration policy applies only to the user accounts in the vsphere.local domain for the vCenter Single Sign-On built-in identity provider. The policy does not apply to local system accounts and administrator@vsphere.local.

SDDC Manager creates dedicated service accounts within the vCenter Single Sign-On built-in identity provider. Changing the password expiration policy affects these service accounts too.

Setting             Default Value
Maximum lifetime    90

UI Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client Menu, select Administration.
  3. In the Single sign on section, click Configuration.
  4. On the Configuration page, click the Local accounts tab.
  5. In the Password policy section, click Edit.
  6. Enter a value for the Maximum lifetime setting according to the requirements of your organization and click Save.

PowerShell Procedure

  1. Start Windows PowerShell.
  2. Replace the values in the sample code and run the commands in the PowerShell console.
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "administrator@vsphere.local"
    $sddcManagerPass = "VMw@re1!"
    $sddcDomainName = "sfo-m01"
    $maxDays = "90"
  3. Perform the configuration by running the command in the PowerShell console.
    Update-SsoPasswordExpiration -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -maxDays $maxDays
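
The same call with the password prompted for at run time instead of written into the script, as an added example that is not part of the original procedure. It assumes the cmdlet from step 3 is already loaded in the session; the non-negative whole-number check on the day count is an assumption of this example, not a documented limit.

```powershell
# Added example: the procedure's call without a hard-coded password.
# The values below are the page's sample values; replace them for your environment.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcDomainName  = "sfo-m01"
$maxDaysInput    = "90"

# Fail early if the cmdlet used by the procedure is not loaded in this session.
if (-not (Get-Command -Name Update-SsoPasswordExpiration -ErrorAction SilentlyContinue)) {
    throw "Update-SsoPasswordExpiration is not available in this PowerShell session."
}

# Assumption of this example: accept only a whole, non-negative number of days.
[int]$maxDays = 0
if (-not [int]::TryParse($maxDaysInput, [ref]$maxDays) -or $maxDays -lt 0) {
    throw "maxDays must be a non-negative whole number, got '$maxDaysInput'."
}

# Prompt for the account so its password is not stored in the script or command history.
$credential = Get-Credential -UserName "administrator@vsphere.local" -Message "SDDC Manager credentials"
$plainPass  = $credential.GetNetworkCredential().Password

try {
    # Same parameters as step 3 of the procedure.
    Update-SsoPasswordExpiration -server $sddcManagerFqdn -user $credential.UserName `
        -pass $plainPass -domain $sddcDomainName -maxDays $maxDays
}
finally {
    # Drop the plaintext copy and the credential object as soon as the call returns.
    Remove-Variable -Name plainPass, credential -ErrorAction SilentlyContinue
}
```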