top of page
  • viquarmca

How to Update or change SSO password in VCF 4.x

One of my friend came up to me with a question how can we replace the SSO password from SDDC Manager. He had requirement to change the SSO password but if we change the SSO password outside of SDDC then it will break the VCF. So the question was how to change the password of SSO from SDDC instead of VC.I am sure many other people who are using VCF system will be looking for the procedure how to change the SSO password within SDDC. Let me show you how did I change the SSO password from SDDC Manager.

Note : Do not change the passwords for system accounts and the administrator@vsphere.local account outside SDDC Manager. This can break your VMware Cloud Foundation system.

To change the password of administrator@vsphere.local (SSO user) we all know how to do it from VC. Today we will look into the step how to change the password of SSO from SDDC into two phase , Phase -1 where we create a new user on VC and Phase -2 where we add the new user into SDDC users list as Admin and then change the password.

Phase -1

  1. Login to VC with administrator@vsphere.local

  2. Go to Administration -> SSO -> Users and Groups -> Select domain vsphere.local -> Click ADD to create a new user in my example i am creating new user called as VCFAdminuser

3. Click on Groups -> Select Administrator -> Click ADD MEMBERS , we add here the user which we created i.e. VCFAdminuser .

Now if you login to the SDDC Manager -> Administration -> Security -> Password Management - From the drop down Select PSC ( which is SSO user administrator@vsphere.local ). Click on the three dots select update password and if u try to upgrade it will fail with error .

We have logged into the SDDC GUI with administrator@vsphere.local and was trying to change the sso password which obvisouly wont allow as you cannot change the password of same user which u are logged into , you will have to use different Admin user which has the equal writes like administrator@vsphere.local.

In phase 1 we created a new user called VCFadminuser , now is the time to use that . but u cannot directly use it to login it wont work . you will have to add the new user to SDDC , which will be our Phase 2 .


  1. Login to SDDC Manager with administrator@vsphere.local .

  2. Click on Administrator -> Users -> Click USER OR GROUP , This will allow you to add new user or group.

3. Select Single user and domain as vsphere.local , it will fetch the users from the VC and you should be able to see the new user you created on VC , in my case the user name is VCFAdminuser , select that user it will ask to choose the role for that user we wanted our VCFAdminuser to be Admin so that we can change the password and Click Add.

4. Logout form SDDC manager as administrator@vsphere.local and login with VCFAdminuser@vsphere.local

5. Now we go to Administrator -> Security -> Password Management -> PSC -> Select Administrator@vsphere.local to change the password

Once you click update , u can see the task running below

That is for this blog very easy and straight forward steps to change the sso user password on VCF system. You can also change the same using VCF API .

Recent Posts

See All

VCF 5.1.1 Release with VMware Private AI Foundation NVIDIA

March 26th 2024 marks an exciting milestone for VMware as it unveils the VMware Cloud Foundation 5.1.1 release, introducing groundbreaking support for VMware Private AI Foundation in collaboration wit

VCF 4.5 Precheck Is Failing On NSX-T Audit

In this blog, we'll delve into resolving VCF 4.5 precheck failures specifically related to NSX-T audit, providing you with actionable insights to overcome these hurdles. Precheck Failure Error : Healt


bottom of page