Users in the local domain, vsphere.local by default, can change their vCenter Single Sign-On passwords from a Web interface. Users in other domains change their passwords following the rules for that domain.

The vCenter Single Sign-On lockout policy determines when your password expires. By default, vCenter Single Sign-On user passwords expire after 90 days, but administrator passwords such as the password for administrator@vsphere.local do not expire. vCenter Single Sign-On management interfaces show a warning when your password is about to expire.

Note: You can change a password only if it is not expired.

If the password is expired, the administrator of the local domain, administrator@vsphere.local by default, can reset the password by using the dir-cli password reset command. Only members of the Administrator group for the vCenter Single Sign-On domain can reset passwords.

Procedure

  1. Log in with the vSphere Client to the vCenter Server connected to the Platform Services Controller.
  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@ mydomain.
  3. In the upper navigation pane, to the right of the Help menu, click your user name to pull down the menu.
    As an alternative, you can select Single Sign On > Users and Groups and select Edit User from the vertical ellipsis menu.
  4. Select Change Password and type your current password.
  5. Type a new password and confirm it.
    The password must conform to the password policy.
  6. Click OK.