A vCenter Single Sign-On lockout policy specifies when a user's vCenter Single Sign-On account is locked if the user attempts to log in with incorrect credentials. Administrators can edit the lockout policy.

About this task

If a user logs in to vsphere.local multiple times with the wrong password, the user is locked out. The lockout policy allows administrators to specify the maximum number of failed login attempts, and set the time interval between failures. The policy also specifies how much time must elapse before the account is automatically unlocked.

Note: The lockout policy applies only to user accounts, not to system accounts such as administrator@vsphere.local.

Procedure

  1. From a Web browser, connect to the vSphere Web Client or the Platform Services Controller.

    | Option | Description |
    |---|---|
    | vSphere Web Client | https://vc_hostname_or_IP/vsphere-client |
    | Platform Services Controller | https://psc_hostname_or_IP/psc |

    In an embedded deployment, the Platform Services Controller host name or IP address is the same as the vCenter Server host name or IP address.

  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.

    If you specified a different domain during installation, log in as administrator@mydomain.

  3. Navigate to the vCenter Single Sign-On configuration UI.

    | Option | Description |
    |---|---|
    | vSphere Web Client | 1. From the Home menu, select Administration. 2. Under Single Sign-On, click Configuration. |
    | Platform Services Controller | Click Single Sign-On and click Configuration. |

  4. Click the Policies tab and select Lockout Policy.
  5. Click Edit.
  6. Edit the parameters.

    | Option | Description |
    |---|---|
    | Description | Optional description of the lockout policy. |
    | Max number of failed login attempts | Maximum number of failed login attempts that are allowed before the account is locked. |
    | Time interval between failures | Time period in which failed login attempts must occur to trigger a lockout. |
    | Unlock time | Amount of time that the account remains locked. If you enter 0, the administrator must unlock the account explicitly. |

  7. Click OK.
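
To see how the three parameters in step 6 interact before changing them, the following added example (not VMware code) replays constructed login events against a small model of the policy. The exact counting rules are assumptions stated in the docstring; the account names other than administrator@vsphere.local and all timestamps are constructed.

```python
from collections import defaultdict, deque

# Per the note on this page, system accounts are exempt from the lockout policy.
EXEMPT = {"administrator@vsphere.local"}

def simulate(events, max_failed, interval_s, unlock_s):
    """Replay (time_s, user, ok) logins; return [(time_s, user, outcome)].

    Assumptions of this model: the failure that brings the number of failures
    inside the trailing interval to max_failed locks the account, a successful
    login resets the count, and attempts made while locked are rejected.
    """
    failures = defaultdict(deque)  # user -> timestamps of recent failures
    locked_at = {}                 # user -> time the lock began
    out = []
    for t, user, ok in sorted(events):
        if user in locked_at:
            # Unlock time 0: no automatic unlock, an administrator must unlock.
            if unlock_s > 0 and t - locked_at[user] >= unlock_s:
                del locked_at[user]
                failures[user].clear()
            else:
                out.append((t, user, "rejected_locked"))
                continue
        if ok:
            failures[user].clear()
            out.append((t, user, "success"))
            continue
        window = failures[user]
        window.append(t)
        while t - window[0] > interval_s:  # drop failures older than the interval
            window.popleft()
        locked = user not in EXEMPT and len(window) >= max_failed
        if locked:
            locked_at[user] = t
        out.append((t, user, "locked" if locked else "failed"))
    return out

def outcomes_for(result, user):
    return [outcome for _, u, outcome in result if u == user]

# Constructed sample events: (seconds, account, login succeeded?)
ALICE, ADMIN = "alice@vsphere.local", "administrator@vsphere.local"
EVENTS = [(0, ALICE, False), (60, ALICE, False), (400, ALICE, False),
          (450, ALICE, False), (500, ALICE, False), (600, ALICE, True),
          (800, ALICE, True)] + [(t, ADMIN, False) for t in (10, 20, 30, 40)]

if __name__ == "__main__":
    for row in simulate(EVENTS, max_failed=3, interval_s=180, unlock_s=300):
        print(row)
```

Rerunning with `unlock_s=0` shows the locked account staying locked for every later attempt, which is the case where an administrator must unlock it explicitly.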