One of the most common sources of confusion in VMware Cloud Foundation is simply: which user ID do I log in with, and to what? Is it vcf, root, admin, or administrator@vsphere.local? Every VCF 9 component ships its own built-in accounts, each meant for a different job — UI, API, SSH/OS, or a service account VCF uses behind the scenes.
Here is a quick cheat sheet of the default accounts per component in VCF 9, what each one is for, and where you actually use it.
VCF 9 login accounts — cheat sheet
| Component | Default / built-in user ID(s) | Purpose — where you use it | Notes |
|---|---|---|---|
| SDDC Manager (appliance / role) | vcf, root, admin@local, backup | vcf = SSH/CLI super user (sudo) on the appliance; root = OS root; admin@local = local account for the REST API and the lookup_passwords command; backup = SFTP backup account. | Day-to-day management is through VCF Operations. admin@local is the “ADMIN” account used to look up the other passwords. |
| VCF Operations / Fleet Management | admin, root | admin = product UI / fleet & lifecycle console login; root = appliance OS (SSH) and the cluster Admin portal (/admin). | The main VCF 9 control plane. You usually sign in with SSO or the local admin. |
| vCenter Server | administrator@vsphere.local, root | administrator@vsphere.local = vSphere SSO admin for the vSphere Client UI & API; root = VCSA appliance root (VAMI :5480, SSH, console). | “Log in to vCenter” almost always means administrator@vsphere.local; root is appliance-only. |
| NSX Manager | admin, root, audit | admin = NSX UI & API admin; root = appliance OS (SSH); audit = read-only auditing. | Use admin for NSX work; audit for read-only visibility. |
| ESXi host | root, svc-vcf-esxi_<host> | root = host admin (Host Client, SSH, DCUI); svc-vcf-esxi_<host> = VCF-created service account VCF uses to manage the host. | Don’t delete the svc-vcf-* account — VCF needs it to manage the host. |
| NSX Advanced Load Balancer (Avi) | admin | admin = Avi Controller UI & API admin. | Service Engines have no interactive login. |
| VCF Operations for Logs | admin, root | admin = Logs UI admin; root = appliance OS. | — |
| VCF Operations for Networks | admin@local, support | admin@local = platform UI admin; support = appliance console / CLI. | UI sign-in is the platform admin@local. |
| VCF Automation | root, org / cloud admin (SSO) | root = appliance OS; the org / cloud admin (via Identity Broker / SSO) = product login for Assembler & Service Broker. | Tenant access flows through the identity provider, not a local product password. |
| VCF Installer (greenfield bring-up) | admin (admin@local), root | admin = installer UI; root = appliance OS. | Temporary appliance used only for bring-up. |
How accounts work in VCF 9
VCF 9 centralizes credential management in VCF Operations (Fleet Management). Rather than tracking these passwords yourself, treat the platform as the source of truth:
- VCF Operations → Passwords lists every managed account with its Account Type (SYSTEM vs USER) and Credential Type (SSH vs API), and lets you rotate or remediate them fleet-wide.
- On the SDDC Manager appliance, the
lookup_passwordscommand returns the current credentials — it requires theadmin@local(ADMIN) account. - Always rotate through VCF Operations, not directly on the component — changing a password on the component itself puts it out of sync with the fleet.
- The
svc-vcf-*service accounts are created and used by VCF — don’t delete or hand-edit them.
Rule of thumb: use the application admin (admin / administrator@vsphere.local / admin@local) for the UI and API; use root only for appliance-level tasks (SSH / VAMI / console); and use vcf for the SDDC Manager CLI. When in doubt, open VCF Operations → Passwords and look it up.
Note: exact account names and which accounts are present can vary by deployment, version and the optional components you run. Always confirm against your VCF Operations Passwords inventory and the current Broadcom documentation.
See also: VCF Operations Deployment & Setup (where the Passwords inventory lives) and the VCF 9 interactive walkthroughs.
About The Author
