[Solved] : Reset Password for SSO Administrator vSphere 6.7

Single Sign-On password Expires by default every 90 day , if you found your self unable to login with SSO Administrator Account or you forget the Login password  ,  it is not possible to manage SSO without SSO administrator. You wouldn’t even be able to promote another user as an SSO Administrator , So you need to rest the password via ssh to vCenter

Note : this method apply for vCenter 6.5 and 6.7

to do that you have to SSH to vCenter and login with root account

if you didn’t enable Bash Shell you need to do so by using below command

shell.set –enabled true


after we granted shell access to vCenter we need to run the vdcadmintool to reset the SSO account password


Select Number 3 Reset account password

this will allow you to reset SSO Administrator password , you will be asked to enter the Account UPN which have format : SSOusername@vsphereDomain.local

after that a new password will be generated


use the new generated password to login to vSphere Client (HTML5) or vSphere Web Client (Flex)

We are going to Change the SSO Administrator Password

i’m going to use vSphere Client (HTML5) with lovely Dark Them 😀

from Menu -> Administration -> Single Sing-On -> User and Groups

chose the “SSODomain.local” them you will find all local account including Administrator account  which we are going to Change it’s password




now we rested the SSO Administrator password , you can change the default expiration 90 day


from Menu -> Administration -> Single Sing-On -> Configuration

then chose policies -> password Policy -> Edit

if you chose 0 it will never expire