Super Admin Restoration
The Super Admin role is a predefined administrative role and the only role with full administrative permission for the entire deployment. A Super Admin can:
- Delegate roles to all other administrators.
- Create the security domain hierarchy.
The Super Admin is created during deployment. Only a Super Admin can perform certain critical tasks. A deployment must have at least one Super Admin.
If a Super Admin is deleted, use the Super Admin Restoration utility, restore-admin, to create a new Super Admin. RSA recommends that you assign the Super Admin role to only the most trusted administrators.
You need to restore a Super Admin if any of the following conditions exist:
- The sole Super Admin has been deleted from the deployment.
- No users have been assigned the Super Admin role.
- The sole Super Admin has been locked out.
If a Super Admin has been locked out, recovery can occur in any of the following ways:
- Another Super Admin can manually unlock the Super Admin.
- If the lockout policy that applies to the Super Admin allows auto-unlock, you can wait for lockout to expire.
If the previous methods fail, use the Super Admin Restoration utility. For more information, see Restore the Super Admin.
Related Articles
Add a Super Admin Number of Views Restore the Super Admin Number of Views Manage Administrators for the Cloud Administration Console Number of Views Administrative Roles for the Cloud Administration Console Number of Views Authentication error with LDAP user assigned the Super Admin role while providing additional credentials to the RSA Authen… Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
