Cisco ISE Administrators
Cisco ISE administrators can use the admin portal to:
Manage deployments, help desk operations, network devices, and node monitoring and troubleshooting.
Manage Cisco ISE services, policies, administrator accounts, and system configuration and operations.
Change administrator and user passwords.
Administrators can access Cisco ISE through the CLI or the web-based interface. The username and password that you configure during the Cisco ISE setup is intended only for administrative access to the CLI. This role is considered to be the CLI admin user, also known as CLI administrator. By default, the username for a CLI admin user is admin, and the password is defined during setup. There is no default password. This CLI admin user is the default admin user, and this user account cannot be deleted. However, it can be edited by other administrators, including options to enable, disable, or change password for this account.
You can either create an administrator or you can promote an existing user to an administrator role. Administrators can also be demoted to simple network user status by disabling the corresponding administrative privileges.
Administrators can be considered as users who have local privileges to configure and operate the Cisco ISE system.
Administrators are assigned to one or more admin groups. These admin groups are predefined in the system for your convenience, as described in the following section.
Privileges of a CLI Administrator Versus a Web-Based Administrator
A CLI administrator can start and stop the Cisco ISE application, apply software patches and upgrades, reload or shut down the Cisco ISE appliance, and view all the system and application logs. Because of the special privileges granted to a CLI administrator, we recommend that you protect the CLI administrator credentials and create web-based administrators for configuring and managing Cisco ISE deployments.
Create a New Cisco ISE Administrator
Cisco ISE administrators need accounts with specific roles assigned to them to perform specific administrative tasks. You can create administrator accounts and assign one or more roles to these admins based on the administrative tasks that these admins have to perform.
You can use the Admin Users window to view, create, modify, delete, change the status, duplicate, or search for attributes of Cisco ISE administrators.
From the drop-down, choose one of the following options:
Enter values in the fields. The characters supported for the Name field are # $ ’ ( ) * + - . / @ _. Unsupported character for the password field is '(apostrophe).
Click Submit to create a new administrator in the Cisco ISE internal database.