SSO User Management–Account Policies

Procedure

1. Browse to Administration > Sign-On and Discovery > Configuration in the vSphere Web Client.

2. Click the Policies tab and select Password Policies.

3. Click Edit.

SNAGHTMLb3fcd09

If the administrator password for the Single Sign On system expires and you are unable to log in to the vSphere Web Client, a user with Single Sign On administrator privileges must reset it or you have to reset password from command line.

Reset vCenter SSO Password

1. Open a command prompt and navigate to C:Program FilesVMwareInfrastructureSSOServerssolscli

2. Run the following command

ssopass username

3. Enter the current password for the user, even if it has expired.

4. Enter the new password and enter it again for confirmation.

Lockout Policy Basics and Configuration parameters

SNAGHTMLb594fb0

 

Security Best Practice: You cannot rename admin@system-domain user, instead it is recommended to create equivalent user with same privileges as admin user and disable admin user. It is also recommended to change the password and account lockout policy to same as your active directory domain

 

 

2 thoughts on “SSO User Management–Account Policies”

  1. There is one other major flaw with the Installation process. If you choose Simple install you bypass the option to pick a HA/Multi Site install. This may seem OK but once you have installed using this method you cannot configure Linked Mode as this is not possible on a Basic Install.
    The VMware fix is to uninstall all vCenter and products from the vCenter server and reinstall manually (Not Simple Install)

    The thing that makes this ridiculous is when you follow this method there is only 2 extra screens to choose from. So this means Simple install has saved 2 screen options to go through but created a massive headache to fix for those who missed this on Upgrades/Installs.

    All i can say is what a joke.

Comments are closed.