The vCenter Single Sign-On password policy governs the format and expiration of vCenter Single Sign-On user passwords. The password policy applies only to users in the vCenter Single Sign-On domain (vsphere.local).

By default, vCenter Single Sign-On passwords expire after 90 days. The vSphere Web Client reminds you when your password is about to expire.

See Change Your vCenter Single Sign-On Password.


  1. From a Web browser, connect to the vSphere Web Client or the Platform Services Controller.
    Option Description
    vSphere Web Client https://vc_hostname_or_IP/vsphere-client
    Platform Services Controller https://psc_hostname_or_IP/psc

    In an embedded deployment, the Platform Services Controller host name or IP address is the same as the vCenter Server host name or IP address.

  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@ mydomain.
  3. Navigate to the vCenter Single Sign-On configuration UI.
    Option Description
    vSphere Web Client
    1. From the Home menu, select Administration.
    2. Under Single Sign-On, click Configuration.
    Platform Services Controller Click Single Sign-On and click Configuration.
  4. Click the Policies tab and select Password Policies.
  5. Click Edit.
  6. Edit the password policy parameters.
    Option Description
    Description Password policy description.
    Maximum lifetime Maximum number of days that a password is valid before the user must change it. The maximum number of days you can enter is 999999999. A value of zero (0) means that the password never expires.
    Restrict reuse Number of previous passwords that cannot be reused. For example, if you type 6, the user cannot reuse any of the last six passwords.
    Maximum length Maximum number of characters that are allowed in the password.
    Minimum length Minimum number of characters required in the password. The minimum length must be no less than the combined minimum of alphabetic, numeric, and special character requirements.
    Character requirements
    Minimum number of different character types that are required in the password. You can specify the number of each type of character, as follows:
    • Special: & # %
    • Alphabetic: A b c D
    • Uppercase: A B C
    • Lowercase: a b c
    • Numeric: 1 2 3

    The minimum number of alphabetic characters must be no less than the combined uppercase and lowercase characters.

    In vSphere 6.0 and later, non-ASCII characters are supported in passwords. In earlier versions of vCenter Single Sign-On, limitations on supported characters exist.

    Identical adjacent characters Maximum number of identical adjacent characters that are allowed in the password. For example, if you enter 1, the following password is not allowed: p@$$word.

    The number must be greater than 0.

  7. Click OK.