vCenter Single Sign-On policies enforce the security rules for local accounts and tokens in general. You can view and edit the default vCenter Single Sign-On password policy, lockout policy, and token policy.
Edit the vCenter Single Sign-On Password Policy The vCenter Single Sign-On password policy determines the password format and password expiration. Password policy applies only to users in the vCenter Single Sign-On domain (vsphere.local).
Edit the vCenter Single Sign-On Lockout Policy If a user attempts to log in with incorrect credentials, a vCenter Single Sign-On lockout policy specifies when the user's vCenter Single Sign-On account is locked. Administrators can edit the lockout policy.
Edit the vCenter Single Sign-On Token Policy The vCenter Single Sign-On token policy specifies token properties such as the clock tolerance and renewal count. You can edit the token policy to ensure that the token specification conforms to security standards in your corporation.
Edit Password Expiration Notification for Active Directory (Integrated Windows Authentication) Users The Active Directory password expiration notification is separate from the vCenter Server SSO password expiration. The default password expiration notification for an Active Directory user is 30 days but the actual password expiration depends on your Active Directory system. The vSphere Client controls the expiration notification. You can change the default expiration notification to meet the security standards in your corporation.