When login to vCenter Web GUI with SSO account  [email protected] , it returns an error: 
   

   User account is locked. Please contact your administrator 
   

vCenter 7.0.x

vCenter 8.0.x

SSO account [email protected]  is locked .

This is the only SSO account with administrator privilege, so it is impossible to unlock it with other SSO account.

Use vdcadmintool on VCSA to unlock this account:

Run command:

     /usr/lib/vmware-vmdir/bin/vdcadmintool

It shows  8 options:

    ==================
    Please select:
    0. exit
    1. Test LDAP connectivity
    2. Force start replication cycle
    3. Reset account password
    4. Set log level and mask
    5. Set vmdir state
    6. Get vmdir state
    7. Get vmdir log level and mask
==================

Press 3, 

it chooses "3. Reset account password"

Then it asks for an account name:

     Please enter account UPN :

Input the SSO account name:   [email protected]  

 A new password is generated.

Use the new password to login to vCenter Web GUI.

For more options, refer to :

How to unlock and reset SSO password in vCenter Server using the vdcadmintool