IBM Support

How to unlock the admin user account?

Question & Answer


Question

  • How to unlock the admin user account?
  • What can I do if my admin user account is locked?

Cause

One of the most common causes for the Guardium admin login to be locked, is because the maximum number of unsuccessful  login retries was reached or bypassed.

Answer

Note 1: the solution here shows screenshots based upon the Guardium v 10.5, but the windows and menus in Guardium v9.x resemble it, so the same process applies.

You can easily use the accessmgr account in order to unlock the admin user (or any other Guardium GUI-based login) as follows:

Note 2: if your accessmgr account is locked, or you do not remember the password, refer to the "Guardium accessmgr password reset" link below in this page.

1) Login to the appliance's GUI using the accessmgr account.

image-20180906102210-1

2) Once logged, navigate to "Access > Access Management > User Browser" ("Access Management > User Browser" in Guardium v9.x). Look after the record that belongs to the admin User name, then click on the "Edit" button.

image-20180906102754-2
Tip 1: In Guardium v10.x, you can use the handy search bar at the top middle of the page to find the "User Browser" faster.

3) The "User Form" window is displayed. From here, you can manage the selected user's information. Fill the "Password" and the "Password (confirm)" fields with a new password for the admin account. The password must be typed exactly the same in both fields.

Then, ensure the "Disabled" checkbox is unchecked.

Lastly, click over the "Update User" button.

image-20180910135659-1
Note 3: due security reasons, the password set this way is a temporary one, and you will be prompted to change it the next time a login try with the admin user (or any other user edited) occurs.
Tip 2: remember to follow the standard password complexity rules when setting up the new passwords to avoid the system prompt you for a password that meets this criteria every time.
Tip 3: if you are sure to remember the password, but the account was disabled and you want to enable it back, simply uncheck the "Disabled" checkbox and do not change the password. The same results can be obtained if you run the "unlock admin" cli command.

4) Once done, you will be redirected to the "User Browser" page.

Tip 4: what you learned Today, applies for any Guardium GUI-based account.
Tip 5: in a managed environment, the process should be done at the Central Manager only.

 

 

 

 

 

 

 

 

 

 

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"User Management;Access Management","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
04 October 2018

UID

ibm10730547

Page Feedback