Cisco ISE Administrators
Administrators can use the admin portal to:
Manage deployments, help desk operations, network devices, and node monitoring and troubleshooting.
Manage Cisco ISE services, policies, administrator accounts, and system configuration and operations.
Change administrator and user passwords.
A CLI administrator can start and stop the Cisco ISE application, apply software patches and upgrades, reload or shut down the Cisco ISE appliance, and view all the system and application logs. Because of the special privileges that are granted to a CLI administrator, we recommend that you protect the CLI administrator credentials and create web-based administrators for configuring and managing Cisco ISE deployments.
The username and password that you configure during setup is intended only for administrative access to the CLI. This role is considered to be the CLI admin user, also known as CLI administrator. By default, the username for a CLI admin user is admin, and the password is defined during setup. There is no default password. This CLI admin user is the default admin user, and this user account cannot be deleted. However, other administrators can edit it, including options to enable, disable, or change password for the corresponding account.
You can either create an administrator, or you can promote an existing user to an administrator role. Administrators can also be demoted to simple network user status by disabling the corresponding administrative privileges.
Administrators are users who have local privileges to configure and operate the Cisco ISE system.
Administrators are assigned to one or more admin groups.
Starting with Cisco ISE Release 2.7, use alphanumeric values while creating user accounts in Cisco ISE.
Privileges of a CLI Administrator Versus a Web-Based Administrator
A CLI administrator can start and stop the Cisco ISE application, apply software patches and upgrades, reload or shut down the Cisco ISE appliance, and view all the system and application logs. Because of the special privileges granted to a CLI administrator, we recommend that you protect the CLI administrator credentials and create web-based administrators for configuring and managing Cisco ISE deployments.
Create a New Administrator
Cisco ISE administrators need accounts with specific roles assigned to them in order to perform specific administrative tasks. You can create multiple administrator accounts and assign one or more roles to these admins based on the administrative tasks that these admins have to perform.
Use the Admin Users window to view, create, modify, delete, change the status, duplicate, or search for attributes of Cisco ISE administrators.
From the Add drop-down, choose one of the following options:
Enter values in the fields. The characters supported for the Name field are # $ ’ ( ) * + - . / @ _.
The admin user name must be unique. If you have entered an existing user name, an error pop-up window displays the following message:
Click Submit to create a new administrator in the Cisco ISE internal database.