A Single Sign On password policy is a set of rules and restrictions on the format and age of Single Sign On user passwords. The password policy applies to Single Sign On (System-Domain) users only.

By default, Single Sign-On passwords expire after one year.


The vSphere Web Client does not remind you when your password is about to expire. If your password expires and you are unable to log in to the vSphere Web Client, a Single Sign-On user with administrator privileges can reset it. If the administrator password expires, any Single Sign-On administrator can reset it for you, or you can reset the password at the command line using your expired password.


Browse to Administration > Sign-On and Discovery > Configuration in the vSphere Web Client.


Click the Policies tab and select Password Policies.


Click Edit.


Edit the Lifetime and Format parameters.



Maximum lifetime

Maximum number of days a password can exist before the user must change it.

Restrict re-use

Number of the user's previous passwords that cannot be selected. For example, if a user cannot reuse any of the last five passwords, type 5.

Maximum length

Maximum number of characters allowed in the password.

Minimum length

Minimum number of characters required in the password. The minimum length must be no less than the combined minimum of alphabetic, numeric, and special character requirements.

Character requirements

Minimum number of different character types required in the password.

Special: & # % etc.

Alphabetic: A b c D

Uppercase: A B C

Lowercase: a b c

Numeric: 1 2 3

The minimum number of alphabetic characters must be no less than the combined uppercase and lowercase requirements.

Identical adjacent characters

Maximum number of identical adjacent characters allowed in the password. Must be greater than 0. For example, if you enter 1, the following password is not allowed: p@$$word.


Click OK.