Cisco ISE Administrators
Cisco ISE administrators use the Admin portal to:
Manage deployments, help desk operations, network devices and node monitoring and troubleshooting.
Manage Cisco ISE services , policies, administrator accounts, and system configuration and operations.
Change administrator and user passwords.
Administrators can access Cisco ISE through the command-line interface (CLI) or web-based interface. The username and password that you configure during Cisco ISE setup is intended only for administrative access to the CLI. This role is considered to be the CLI-admin user, also known as CLI administrator. By default, the username for the CLI-admin user is admin and the password is defined during setup. There is no default password. This CLI-admin user is known as the default admin user. This default admin user account cannot be deleted, but can be edited by other administrators (which includes options to enable, disable, or change password for this account).
You can create an administrator or you can promote an existing user to an administrator role. Administrators can also be demoted to simple network user status by disabling the corresponding administrative privileges.
Administrators can be considered as users who have local privileges to configure and operate the Cisco ISE system.
Administrators are assigned to one or more admin groups. These admin groups are pre-defined in the system for your convenience, as described in the following section.
Privileges of a CLI Administrator Versus a Web-Based Administrator
A CLI administrator can start and stop the Cisco ISE application, apply software patches and upgrades, reload or shut down the Cisco ISE appliance, and view all system and application logs. Because of the special privileges granted to a CLI administrator, we recommend that you protect the CLI administrator credentials and create web-based administrators for configuring and managing Cisco ISE deployments.
Create a New Cisco ISE Administrator
Cisco ISE administrators need accounts with specific roles assigned to it to perform specific administrative tasks. You can create administrator accounts and assign one or more roles to it based on the administrative tasks that an administrator has to perform.
You can use the Admin Users page to view, create, modify, delete, change the status, duplicate, or search for attributes of Cisco ISE administrators.
Choose one of the following:
Enter values for the Administrator fields. Supported characters for the name field are # $ ’ ( ) * + - . / @ _. Unsupported character for the password field is '(apostrophe).
Click Submit to create the new administrator in the Cisco ISE internal database.