A lockout policy specifies the conditions under which a user's vCenter Single Sign On account is locked. In vSphere 5.1, you log in to the Single Sign On server rather than in to individual vCenter Server systems. This means that the lockout policy applies to users who access vCenter Server by logging in to the vSphere Web Client. You can edit the lockout policy.

A vCenter Single Sign On user account might be locked when a user exceeds the allowed number of failed attempts to log in. The lockout policy allows you to specify the maximum number of failed login attempts and how much time can elapse between failures. The policy also specifies how much time must elapse before the account is automatically unlocked.


Browse to Administration > Sign-On and Discovery > Configuration.


Click the Policies tab and select Lockout Policy.


Click Edit.


Edit the Lockout Policy Basics and Configuration parameters.




Description of the lockout policy (for example, Default).

Max number of failed login attempts

Maximum number of failed login attempts allowed before the account is locked.

Time interval between failures (seconds)

Time period in which failed login attempts must occur to trigger a lockout.

Unlock time (seconds)

The amount of time that the account will remain locked. When you enter 0, the administrator must unlock the account explicitly.


Click OK.