Cisco ISE | Recover GUI Password
About Cisco ISE:
The Identity Services Engine (ISE) helps IT professionals meet enterprise mobility challenges and secure the evolving network across the entire attack continuum. Cisco ISE is the market-leading security policy management platform that unifies and automates highly secure access control to enforce role-based access to networks and network resources. It delivers superior user and device visibility to enable simplified enterprise mobility experiences, and it shares vital contextual data with integrated ecosystem partner solutions using Cisco Platform Exchange Grid (pxGrid) technology to accelerate the identification, mitigation, and remediation of threats.
Cisco Identity Services Engine (ISE) is a network administration product that enables the creation and enforcement of security and access policies for endpoint devices connected to the company's routers and switches. The purpose is to simplify identity management across diverse devices and applications.
This post describes the method to recover expired or lost passwords for Cisco ISE GUI. Admin passwords can be different for CLI and GUI. You can reset the admin GUI password by logging in to Cisco ISE CLI. If the CLI password is also expired or lost then you need to reset the Cisco ISE CLI password.
To reset or recover expired/lost password for Cisco ISE GUI follow below steps:
▻ Step 1. Log in to the Cisco ISE CLI admin account using SSH or console;
Remember that the console admin account is different than the web UI admin account. They have the same username but can have different passwords.
▻ Step 2. From the command prompt, use the application reset-passwd ise admin command to set a new web UI admin password;
▻ Step3. Insert your password as required;
▻ Step4. Test the new password by login to GUI using new password.
⚠️ NOTE ⚠️
Cisco ISE has a default expiry period of 45 days for the admin password. You can change disable or change expiry period by following method:
In the ISE GUI navigate to Administration > System > Admin Access > Authentication > Password Policy and uncheck ‘Administrator passwords expire # days after creation or last change’.