To ensure security in VMware Aria Operations, you must manage user passwords. Determine the criteria used for account lockout, password strength, and the password change policy. When a user session becomes inactive for 30 minutes, the session times out, and the user must log in to VMware Aria Operations again.

Where You Manage the Password Policy

  1. From the left menu, click Administration, and then click the Global Settings tile.
  2. Click User Access and navigate to Password Policy.
Account Lockout
Indicates whether the account lockout is in effect, and indicates the number of login attempts allowed before the account is locked. The account lockout policy is activated by default.
Password Strength
Indicates whether the policy that requires users to strengthen their password is in effect, and the minimum number of characters required to make a strong password. The password strength policy is activated by default.
Password Change
Indicates whether the policy that requires users to change their password is in effect, how often the password expires, and whether users will receive a warning. The account password change policy is activated by default.
Concurrent UI login sessions
Indicates whether a user can have concurrent UI login. The concurrent UI login sessions policy is activated by default.
Allow non-imported vIDM user access
The policy allows non-imported VMware Identity Manager users to be created automatically as read-only users upon first access. If deactivated, only VMware Identity Manager imported users or users belonging to imported VMware Identity Manager groups will be granted access.

Modify the Password Policy Settings

You can modify the following password policy settings .

Table 1. Access Control Edit Password Policy Settings
Option Description

Account Lockout

Modify the settings to lock user accounts.
  • Activate Account Lockout Policy. Activate the policy to lock user accounts. For a super administrator user, the account lockout policy is activated by default and cannot be deactivated. The super administrator user account is locked for approximately one hour, and then unlocked.
  • Number of failed login attempts before lockout. Indicates the number of tries that a user can attempt to log in to VMware Aria Operations before their account is locked. The default number of tries is seven.
  • Login fail eviction time. Indicates the time available for the user to complete the login attempts. You can set fail evication time in seconds.

Password Strength

Modify the settings required for users to create strong passwords.
  • Activate Password Strength Policy. When selected, activates the policy to require users to strengthen their password.
  • Minimum password length. Indicates the number of characters required for user passwords. The default length is eight characters.
  • Passwords must contain numbers. When selected, users must include a combination of numbers and letters in their passwords.
  • Passwords must not match user names. To ensure security, users are not allowed to use their user name as their password.
  • Passwords must contain at least one uppercase and one lowercase letter. When selected, users must include one or more uppercase and lowercase characters.
  • Passwords must contain special characters. When selected, users must include one or more special characters. Special characters include: !@#$%^&*+=

Password Change

Modify the settings required for users to change their password.
  • Activate Password Change Policy. Activate the policy to require users to change their password at specific intervals.
  • Passwords expire every 90 days. Users receive notification five days before the password expires.
  • Warn users 5 days prior to expiration. Indicate when to have VMware Aria Operations notify users that their password will expire. The default is five days before their password expires.