Users in the local domain, vsphere.local by default, can change their vCenter Single Sign-On passwords from the vSphere Client. Users in other domains change their passwords following the rules for that domain.

The vCenter Single Sign-On lockout policy determines when your password expires. By default, vCenter Single Sign-On passwords expire after 90 days, but administrator passwords such as the password for administrator@vsphere.local do not expire. vCenter Single Sign-On management interfaces show a warning when your password is about to expire.

Note: You can change a password only if it is not expired.

If the password is expired, the administrator of the local domain, administrator@vsphere.local by default, can reset the password by using the dir-cli password reset command. Only members of the Administrator group for the vCenter Single Sign-On domain can reset passwords.

Procedure

  1. Log in with the vSphere Client to the vCenter Server.
  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@ mydomain.
  3. In the upper navigation pane, click your user name to pull down the menu and select Change Password.
  4. Enter your current password.
  5. Enter a new password and confirm it.
    The password must conform to the password policy.
  6. Click Confirm.
    As an alternative, you can select Single Sign On > Users and Groups, select the user, and click Edit.