Administrator Access to Cisco ISE
You can connect to ISE servers in several ways. The PAN runs the Administrators portal, which requires the admin password to log in. Other ISE persona servers can be accessed by SSH or the console, where you run the CLI. This section describes the process and password options available for each connection type.
Admin password: The ISE Admin user that you created during installation is configured to time out in 45 days by default. You can prevent that by turning off password time on Password Policy tab, and uncheck Administrative passwords expire under Password Lifetime.. Chose the
If you don’t do this, and the password expires, you can reset the Admin password in the CLI. The CLI command is application reset-passwd. You can either connect to the console to access the CLI, or reboot the ISE image file to access the boot options menu, to reset the Admin menu.
CLI password: The CLI password is specified during installation. If you have a problem logging in with to the CLI because of an invalid password, you can reset the CLI password by connecting to console and running the password CLI command. See the ISE CLI Reference for more information.
SSH access to the CLI: You either enable SSH access during installation, or after, using the CLI command service sshd. You can also force SSH connections to use a key. Note that when you do that, SSH connections to all network devices will also use that key, see SSH Key Validation. You can force the SSH key to use the Diffie-Hellman Algorithm Securing SSH Key Exchange Using Diffie-Hellman Algorithm. ECDSA keys are not supported for SSH keys.
Enter the Cisco URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/).
Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.
Click Login or press Enter.
If your login is unsuccessful, click the Problem logging in? link in the Login page and follow the instructions.
Administrator Login Browser Support
The Cisco ISE Admin portal supports the following HTTPS-enabled browsers:
Mozilla Firefox versions 31.x ESR, 32.x, and 33.x
Microsoft Internet Explorer 10.x and 11.x
Adobe Flash Player 22.214.171.124 or above must be installed on the system running your client browser.
The minimum required screen resolution to view the Admin portal and for a better user experience is 1280*800 pixels.
Administrator Lockout Following Failed Login Attempts
If you enter an incorrect password for your specified administrator user ID enough times, the Admin portal “locks you out” of the system, adds a log entry in the Server Administrator Logins report, and suspends the credentials for that administrator ID until you have an opportunity to reset the password that is associated with that administrator ID, as described in the “Performing Post-Installation Tasks” chapter of the Cisco Identity Services Engine Hardware Installation Guide. The number of failed attempts that is required to disable the administrator account is configurable according to the guidelines that are described in 'User Account Custom Attributes and Password Policies' section. After an administrator user account gets locked out, an e-mail is sent to the associated administrator user.
Disabled System administrators' status can be enabled by any Super Admin, including Active Directory users.