SSO password policies
For a security baseline I found something about SSO password policies and lockout settings in the VMware Hardening Guide:
Check SSO passwords for expiration | The default SSO password policy has a password lifetime of 365 days. After 365 days, the password is expired and the ability to log is compromised. The applies to ALL SSO accounts, both Administrative and User. (there is not separate policy for both groups). Ensure the admin accounts are not about to expire |
Ensure SSO Password policy conforms to local policy | The default SSO password policy has a password lifetime of 365 days. After 365 days, the password is expired and the ability to log is compromised. The applies to ALL SSO accounts, both Administrative and User. (there is not separate policy for both groups). Ensure the policies in SSO match local policies for password management and complexity |
Hmm.. so if you don’t set it to “Never Expire” and forget to change the password before the 365 days pass, you might have a challenge. To configure the policies use the document below.
Edit a vCenter Single Sign On Password Policy
Having problems with the SSO account you might take a look at the article below
Unlocking and resetting the vCenter Single Sign On (SSO) administrator password (2034608)
This is the place to edit your settings: