08-29-2024 12:23 PM
the Cisco documentation says ISE is installed in the cloud or using the ZTP process, you will be prompted to change the web-based admin user password during the first login.
from what i can tell this password reset NEEDS to be done through the gui. using ansible i have programmatically reset the gui password via cli (application reset-passwd ise admin) and the change does take but when you try to login to the gui with that new password it forces you to change it again.
interestingly, API calls with the new cli set password do work so it doesn't necessarily impact my scripts but it does mean the first time a human logs in they will be forced to change the password yet again. this is somewhat problematic.
am i missing something? is there a workaround to this?
08-29-2024 06:50 PM
The GUI and CLI admin accounts are completely separate accounts stored in separate databases. The CLI admin account is copied into the GUI admin database during the initial install as stated in the Install Guide. After that point, there is no synchronization of these accounts, so they need to be managed independently.
There are currently no API endpoints for CRUD (Create, Read, Update, Delete) operations on internal GUI admin accounts, so I am not aware of any workaround for this initial GUI password reset.
08-30-2024 06:26 AM
understood and i don't have any confusion there. i'm talking strictly about the GUI credentials.
you can change the GUI password from the CLI. as i mentioned, the change made at the CLI does take effect for the GUI, but the system still prompts you to change it yet again when you login through the GUI. this is only for ZTP provisioned nodes.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide