Managing Administrator Accounts
This chapter describes the two types of administrator accounts in Cisco ISE, their privileges, and how to create these accounts. This chapter contains the following topics:
CLI-Admin and Web-Based Admin User Right Differences
The username and password that you configure by using the Cisco ISE setup program are intended to be used for administrative access to the Cisco ISE CLI and the Cisco ISE web interface. The administrator that has access to the Cisco ISE CLI is called the CLI-admin user. By default, the username for the CLI-admin user is admin and the password is user-defined during the setup process. There is no default password.
You can initially access the Cisco ISE web interface by using the CLI-admin user’s username and password that you defined during the setup process. There is no default username and password for a web-based admin.
The CLI-admin user is copied to the Cisco ISE web-based admin user database. Only the first CLI-admin user is copied as the web-based admin user. You should keep the CLI- and web-based admin user stores synchronized, so that you can use the same username and password for both admin roles.
The Cisco ISE CLI-admin user has different rights and capabilities than the Cisco ISE web-based admin user and can perform other administrative tasks.
Tasks Performed by CLI-Admin and Web-Based Admin Users
- Back up the Cisco ISE application data.
- Display any system, application, or diagnostic logs on the Cisco ISE appliance.
- Apply Cisco ISE software patches, maintenance releases, and upgrades.
- Set the NTP server configuration.
Tasks Performed Only by the CLI-Admin User
Note Web-based admin users that are created by using the Cisco ISE user interface cannot automatically log in to the Cisco ISE CLI. Only CLI-admin users can access the Cisco ISE CLI.
Refer to Accessing Cisco ISE Using a Web Browser for information on the supported browsers.
Creating CLI Admin Users
Cisco ISE allows you to create additional CLI-admin user accounts other than the one you created during the setup process. To protect the CLI-admin user credentials, create the minimum number of CLI-admin users needed to access the Cisco ISE CLI.
Step 1 Log in by using the CLI-admin username and password that you created during the setup process.
Step 2 Enter the Configuration mode.
Step 3 Enter the username command.
Note For details about the username command, see the Cisco Identity Services Engine CLI Reference Guide, Release 1.2.
Creating Web-Based Admin Users
For first-time web-based access to Cisco ISE system, the administrator username and password is the same as the CLI-based access that you configured during setup.
You can add web-based admin users through the user interface itself. See the “Creating a New Cisco ISE Administrator” section of the Cisco Identity Services Engine User Guide, Release 1.2 for additional details.