Users in the vsphere.local domain can change their vCenter Single Sign-On passwords from the vSphere Web Client. Users in other domains change their passwords following the rules for that domain. You can change a vCenter Single Sign-On password from the vSphere Web Client.

The vCenter Single Sign-On lockout policy determines when your password expires. By default, vCenter Single Sign-On user passwords expire after 90 days, but administrator passwords such as the password for administrator@vsphere.local do not expire. vCenter Single Sign-On management interfaces show a warning when your password is about to expire.

This procedure explains how you can change a password. If your password is expired, the administrator of the local domain (vsphere.local by default) or another member of the Administrators group for the local domain can reset the password by using the dir-cli password reset command.


Log in to the vSphere Web Client using your vCenter Single Sign-On credentials.


In the upper navigation pane, to the left of the Help menu, click your user name to pull down the menu.

As an alternative, you can select Administration > Single Sign-On > Users and Groups and select Edit User from the right-button menu.


Select Change Password and type your current password.


Type a new password and confirm it.

The password must conform to the password policy.


Click OK.