Log in to the Cisco ISE Web-Based Interface
When you log in to the Cisco ISE web-based interface for the first time, you will be using the preinstalled Evaluation license.
Note |
We recommend that you use the Cisco ISE user interface to periodically reset your administrator login password. |
Caution |
For security reasons, we recommend that you log out when you complete your administrative session. If you do not log out, the Cisco ISE web-based web interface logs you out after 30 minutes of inactivity, and does not save any unsubmitted configuration data. |
For information about the validated browsers, see "Validated Browsers" section in the Cisco ISE Release Notes.
Note |
If Cisco ISE is installed in the cloud or using the ZTP process, you will be prompted to change the web-based admin user password during the first login. |
Procedure
Step 1 |
After the Cisco ISE appliance reboot has completed, launch one of the supported web browsers. |
Step 2 |
In the Address field, enter the IP address (or hostname) of the Cisco ISE appliance by using the following format and press Enter.
|
Step 3 |
Enter a username and password that you defined during setup. |
Step 4 |
Click Login. |
Differences Between CLI Admin and Web-Based Admin Users Tasks
The username and password that you configure when using the Cisco ISE setup program are intended to be used for administrative access to the Cisco ISE CLI and the Cisco ISE web interface. The administrator that has access to the Cisco ISE CLI is called the CLI-admin user. By default, the username for the CLI-admin user is admin and the password is user-defined during the setup process. There is no default password.
You can initially access the Cisco ISE web interface by using the CLI-admin user’s username and password that you defined during the setup process. There is no default username and password for a web-based admin.
The CLI-admin user is copied to the Cisco ISE web-based admin user database. Only the first CLI-admin user is copied as the web-based admin user. You should keep the CLI- and web-based admin user stores synchronized, so that you can use the same username and password for both admin roles.
The Cisco ISE CLI-admin user has different rights and capabilities than the Cisco ISE web-based admin user and can perform other administrative tasks.
Admin User Type |
Tasks |
---|---|
Both CLI-Admin and Web-Based Admin |
|
CLI-Admin only |
|
Create a CLI Admin
Cisco ISE allows you to create additional CLI-admin user accounts other than the one you created during the setup process. To protect the CLI-admin user credentials, create the minimum number of CLI-admin users needed to access the Cisco ISE CLI.
username <username> password [plain/hash] <password> role admin
Create a Web-Based Admin
For first-time web-based access to Cisco ISE system, the administrator username and password is the same as the CLI-based access that you configured during setup.
To add an admin user:
-
Choose Administration > System > Admin Access > Administrators > Admin Users.
-
Choose Add > Create an Admin User.
-
Enter the name, password, admin group, and the other required details.
-
Click Submit.
Reset a Disabled Password Due to Administrator Lockout
An administrator can enter an incorrect password enough times to disable the account. The minimum and default number of attempts is five.
Use these instructions to reset the administrator user interface password with the application reset-passwd ise command in the Cisco ISE CLI. It does not affect the CLI password of the administrator. After you successfully reset the administrator password, the credentials are immediately active and you can log in without having to reboot the system. .
Cisco ISE adds a log entry in the Administrator Logins window. The navigation path for this window is . The credentials for that administrator ID is suspended until you reset the password associated with that administrator ID.
Procedure
Step 1 |
Access the direct-console CLI and enter: application reset-passwd ise administrator_ID |
Step 2 |
Specify and confirm a new password that is different from the previous two passwords that were used for this administrator ID:
|