Super Admin Restoration

The Super Admin role is a predefined administrative role and the only role with full administrative permission for the entire deployment. A Super Admin can:

  • Delegate roles to all other administrators.
  • Create the security domain hierarchy.

The Super Admin is created during deployment. Only a Super Admin can perform certain critical tasks. A deployment must have at least one Super Admin.

If a Super Admin is deleted, use the Super Admin Restoration utility, restore-admin, to create a new Super Admin. RSA recommends that you assign the Super Admin role to only the most trusted administrators.

You need to restore a Super Admin if any of the following conditions exist:

  • The sole Super Admin has been deleted from the deployment.
  • No users have been assigned the Super Admin role.
  • The sole Super Admin has been locked out.

If a Super Admin has been locked out, recovery can occur in any of the following ways:

  • Another Super Admin can manually unlock the Super Admin.
  • If the lockout policy that applies to the Super Admin allows auto-unlock, you can wait for lockout to expire.

If the previous methods fail, use the Super Admin Restoration utility. For instructions, see Restore the Super Admin.