vCenter Single Sign-On policies enforce the security rules in your environment. You can view and edit the default vCenter Single Sign-On password policy, lockout policy, and token policy.
What to read next
Edit the vCenter Single Sign-On Password Policy The vCenter Single Sign-On password policy governs the format and expiration of vCenter Single Sign-On user passwords. The password policy applies only to users in the vCenter Single Sign-On domain (vsphere.local).
Edit the vCenter Single Sign-On Lockout Policy A vCenter Single Sign-On lockout policy specifies when a user's vCenter Single Sign-On account is locked if the user attempts to log in with incorrect credentials. Administrators can edit the lockout policy.
Edit the vCenter Single Sign-On Token Policy The vCenter Single Sign-On token policy specifies token properties such as the clock tolerance and renewal count. You can edit the token policy to ensure that the token specification conforms to security standards in your corporation.
Edit Password Expiration Notification for Active Directory Users The Active Directory password expiration notification is separate from the vCenter Server SSO password expiration. The default password expiration notification for an Active Directory user is 30 days but the actual password expiration depends on your Active Directory system. The vSphere Client and the vSphere Web Client control the expiration notification. You can change the default expiration notification to meet the security standards in your corporation.