Cisco Identity Services Engine Installation Guide, Release 3.5

Log in to the Cisco ISE web-based interface

Updated: May 6, 2026

Want to summarize with AI?

On this page

Overview

Differences between CLI admin and web-based admin user tasks
Create a CLI admin
Create a web-based admin
Reset a disabled password due to administrator lockout

Overview

Guides you through logging in to the Cisco ISE web-based interface for the first time after installation, enabling initial access and system configuration. Outlines essential security steps to ensure a secure administrative session.

When you log in to the Cisco ISE web-based interface for the first time, you use the preinstalled Evaluation license.

Procedure

	1.	After the Cisco ISE appliance finishes rebooting, launch one of the supported web browsers. For information about validated browsers, refer to the “Validated Browsers” section in the Cisco ISE Release Notes.
	2.	In the Address field, enter the IP address or hostname of the Cisco ISE appliance in this format, then press Enter. `https://<IP address or host name>/admin/`
	3.	Enter your username and password.
	4.	Click Login.

Note

For security, log out when you complete your administrative session. If you do not log out, Cisco ISE logs you out after 30 minutes of inactivity and does not save any unsubmitted configuration data.

If Cisco ISE is installed in the cloud or using the ZTP process, you will be prompted to change the web-based admin user password during the first login.

Differences between CLI admin and web-based admin user tasks

Use the username and password you set during Cisco ISE setup for administrative access to the CLI and the web interface.

The administrator with access to the Cisco ISE CLI is called the CLI-admin user. By default, the CLI-admin username is admin. The administrator must create the password during the setup process, as Cisco ISE does not provide a default password.

You can initially access the Cisco ISE web interface by using the CLI-admin username and password that you defined during setup. A web-based admin user does not have a default username or password.

Cisco ISE copies the CLI-admin user to the web-based admin user database. Only the first CLI-admin user is copied as the web-based admin user. Ensure that the CLI and web-based administrator user stores remain synchronized. Using the same username and password for both roles simplifies administration.

The CLI-admin user has different rights and capabilities than the web-based admin user and can perform additional administrative tasks.

Table 1. Tasks performed by CLI-admin and web-based admin users
Admin user type	Tasks
Both CLI-admin and web-based admin	Back up Cisco ISE application data Display any system, application, or diagnostic logs on the Cisco ISE appliance Apply Cisco ISE software patches, maintenance releases, and upgrades Set the NTP server configuration
CLI-admin only	Start and stop Cisco ISE application software Reload or shut down the Cisco ISE appliance Reset the web-based admin user in case of a lockout Access Cisco ISE CLI

Create a CLI admin

You can create additional CLI-admin user accounts after you complete the setup process. To keep your account secure, create only the number of CLI-admin users you need for Cisco ISE CLI access. This method helps you protect your credentials.

You can add a CLI-admin user with this command in configuration mode:

username <username> password [plain/hash] <password> role admin

Create a web-based admin

To access Cisco ISE through the web interface initially, use the administrator username and password configured during CLI setup.

To add an administrator user, perform these steps:

In the Cisco ISE GUI, click the Menu icon () and choose Administration > System > Admin Access > Administrators > Admin Users.
Choose Add > Create an Admin User.
Add web-based administrator users using the user interface.
Click Submit.

Reset a disabled password due to administrator lockout

If you enter an incorrect password five times, your account becomes disabled.

Use these instructions to reset the administrator user interface password with the application reset-passwd ise command in the Cisco ISE CLI. Resetting the administrator password activates new credentials immediately and allows you to log in without rebooting the system. This process does not affect the administrator's CLI password.

Cisco ISE adds a log entry in the Administrator Logins window. Navigate to Operations > Reports > Reports > Audit > Administrator Logins. Reset your administrator ID password to regain access to your credentials.

This procedure helps you re-enable your credentials so you can resume system management tasks.

Procedure

	1.	Access the direct-console CLI and enter: application reset-passwd ise administrator_ID
	2.	Specify and confirm a new password that is different from the passwords that were used most recently for this administrator ID. `Enter new password: Confirm new password: Password reset successfully`

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.