Password Rotation and Remediation for Identity and Access Management for VMware Cloud Foundation

For security reasons, you must change passwords for the accounts that are used by your VMware Cloud Foundation instance. Changing these passwords periodically or when certain events occur, such as an administrator leaving your organization, reduces the likelihood of security vulnerabilities.

You perform password rotation using several different methods and procedures, depending on the account type and the component of your VMware Cloud Foundation instance.

For example, if you change the password of the Active Directory binding service account, you must reconfigure the integration between Active Directory and your VMware Cloud Foundation instance.

Table 1. Procedures by Component and Account Type
Component	Account	Procedure
SDDC Manager	root	Update the Local User Password Using the Virtual Appliance Console for Identity and Access Management for VMware Cloud Foundation
	vcf	Update the Local User Password Using the Virtual Appliance Console for Identity and Access Management for VMware Cloud Foundation
	backup	Update the Local User Password Using the Virtual Appliance Console for Identity and Access Management for VMware Cloud Foundation
	admin@local	Update the Local User Password Using the Virtual Appliance Console for Identity and Access Management for VMware Cloud Foundation
ESXi	root	Rotate an Account Password Using SDDC Manager for Identity and Access Management for VMware Cloud Foundation
vCenter Server	root	Rotate an Account Password Using SDDC Manager for Identity and Access Management for VMware Cloud Foundation
	svc-vcenter_fqdn@vsphere.local	Rotate an Account Password Using SDDC Manager for Identity and Access Management for VMware Cloud Foundation
	Identity Source (LDAP) Bind User	Change Bind User Password in Active Directory Reconfigure vCenter Server Integration with Active Directory for Identity and Access Management for VMware Cloud Foundation
vCenter Single Sign-On	administrator@vsphere.local	Rotate an Account Password Using SDDC Manager for Identity and Access Management for VMware Cloud Foundation
NSX Local Manager	root	Rotate an Account Password Using SDDC Manager for Identity and Access Management for VMware Cloud Foundation
	admin	Rotate an Account Password Using SDDC Manager for Identity and Access Management for VMware Cloud Foundation
	audit	Rotate an Account Password Using SDDC Manager for Identity and Access Management for VMware Cloud Foundation
NSX Edge Node	root	Rotate an Account Password Using SDDC Manager for Identity and Access Management for VMware Cloud Foundation
	admin	Rotate an Account Password Using SDDC Manager for Identity and Access Management for VMware Cloud Foundation
	audit	Rotate an Account Password Using SDDC Manager for Identity and Access Management for VMware Cloud Foundation
Standalone Workspace ONE Access	root	Update the Local User Password Using the Virtual Appliance Console for Identity and Access Management for VMware Cloud Foundation
	sshuser	Update the Local User Password Using the Virtual Appliance Console for Identity and Access Management for VMware Cloud Foundation
	admin	Update Workspace ONE Access Admin Password for Identity and Access Management for VMware Cloud Foundation
	Identity Source (LDAP) Bind User	Change Bind User Password in Active Directory Reconfigure the Standalone Workspace ONE Access Integration with Active Directory for Identity and Access Management for VMware Cloud Foundation