Change the Administrator Password - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-03-28
End_of_Life
EoL
Category
Administrator Guide
Abstract

Create a new password for the Cortex XSOAR administrator account, if you are unable to log in, by manually adding a new administrator.

If the administrator cannot log in and does not know the password, you need to add a new administrator. You can then change the password for the current administrator.

To add a new administrator, you need to create a one-time configuration (OTC) file, in which you define the user configurations. After the file is saved, restart the Cortex XSOAR server. The OTC file is automatically deleted.

  1. Create a new administrator.

    1. As the root user, create a /var/lib/demisto/otc.conf.json file with content similar to the following by using the touch (create) and vim (edit) commands.

      {
          "users": [
              {
                  "username": "newadmin",
                  "password": "veryStrongPassword!",
                  "email": "admin@example.com",
                  "phone": "+650-123456",
                  "name": "New Admin Dude",
                  "defaultAdmin": true,
                  "roles": {
                      "demisto": [
                          "Administrator"
                      ]
                  }
              }
          ]
      }

      If you do not want the new administrator to be the default administrator, remove defaultAdmin or change it to false.

    2. Save the file.

    3. Ensure the file has demisto:demisto ownership by typing the following command:

      chown demisto:demisto /var/lib/demisto/otc.conf.json

    4. Restart the Cortex XSOAR server by running the following command:

      systemctl restart demisto

      The file is removed when Cortex XSOAR restarts.

  2. Log in to Cortex XSOAR by using the new administrator credentials created in step 1.

    In this example, the username is newadmin and the password is veryStrongPassword!.

  3. Change the current administrator’s password.

    1. Go to SettingsUSERS AND ROLESUsers, select the current administrator checkbox and click Reset P/W.

    2. Change the new password as required, and click Save.

    3. Log out of Cortex XSOAR.

  4. (Optional) Remove the new administrator you created in step 1.

    1. Login to Cortex XSOAR using the current administrator credentials, including the new password.

    2. Go to SettingsUSERS AND ROLESUsers, select the new administrator checkbox and click Remove.

      If the new administrator is also a default administrator you can remove the user by selecting the user, clicking Roles, and unchecking the Set as Default Admin checkbox.