Super Admin Restoration
The Super Admin role is a predefined administrative role and the only role with full administrative permission for the entire deployment. A Super Admin can:
- Delegate roles to all other administrators.
- Create the security domain hierarchy.
The Super Admin is created during deployment. Only a Super Admin can perform certain critical tasks. A deployment must have at least one Super Admin.
If a Super Admin is deleted, use the Super Admin Restoration utility, restore-admin, to create a new Super Admin. RSA recommends that you assign the Super Admin role to only the most trusted administrators.
You need to restore a Super Admin if any of the following conditions exist:
- The sole Super Admin has been deleted from the deployment.
- No users have been assigned the Super Admin role.
- The sole Super Admin has been locked out.
If a Super Admin has been locked out, recovery can occur in any of the following ways:
- Another Super Admin can manually unlock the Super Admin.
- If the lockout policy that applies to the Super Admin allows auto-unlock, you can wait for lockout to expire.
If the previous methods fail, use the Super Admin Restoration utility. For more information, see Restore the Super Admin.
Related Articles
Add a Super Admin Number of Views Restore the Super Admin Number of Views Create a Backup Using Back Up Now Number of Views Authentication error with LDAP user assigned the Super Admin role while providing additional credentials to the RSA Authen… Number of Views Replacing the Console Certificate Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
