Super Admin Restoration

The Super Admin role is a predefined administrative role and the only role with full administrative permission for the entire deployment. A Super Admin can:

• Delegate roles to all other administrators.
• Create the security domain hierarchy.

The Super Admin is created during deployment. Only a Super Admin can perform certain critical tasks. A deployment must have at least one Super Admin.

If a Super Admin is deleted, use the Super Admin Restoration utility, restore-admin, to create a new Super Admin. RSA recommends that you assign the Super Admin role to only the most trusted administrators.

You need to restore a Super Admin if any of the following conditions exist:

• The sole Super Admin has been deleted from the deployment.
• No users have been assigned the Super Admin role.
• The sole Super Admin has been locked out.

If a Super Admin has been locked out, recovery can occur in any of the following ways:

• Another Super Admin can manually unlock the Super Admin.
• If the lockout policy that applies to the Super Admin allows auto-unlock, you can wait for lockout to expire.

If the previous methods fail, use the Super Admin Restoration utility. For more information, see Restore the Super Admin.