Cisco ISE admin password lifecycle and reset

After 45 days the Cisco Identity Services Engine admin password expires, which is a default setting on a fresh installation.

This behavior can be disabled in Cisco ISE administration Password Policy / Password Lifetime settings, however the Cisco ISE admin password should be a strong, randomized and auto-generated password in this case.

Cisco ISE 3.0: Password policy / password lifecycle settings
Cisco ISE 3.0: Password policy / password lifecycle settings

In case the Web-UI access of Cisco ISE is not working - because the password expired - the password can be reset by login in the console (VMWare, XCP-NG, …) or by SSH.

After the login, Cisco ISE asks to set a new login password, the Cisco ISE Web-UI password can be reset with the command line shown below. Cisco ISE will start a “new/confirm” password dialog and will set the Web-UI password to a new one.

    application reset-passwd ise admin
Cisco ISE 3.0: ISE admin password reset

Share: