Change the Administrator Password - Create a new password for the Cortex XSOAR administrator account, if you are unable to log in, by manually adding a new administrator. - Administrator Guide - 6.13 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide
Product
Cortex XSOAR
Version
6.13
Creation date
2024-04-15
Last date published
2025-07-10
Category
Administrator Guide
Abstract

Create a new password for the Cortex XSOAR administrator account, if you are unable to log in, by manually adding a new administrator.

If the administrator cannot log in and does not know the password, you need to add a new administrator. You can then change the password for the current administrator.

To add a new administrator, you need to create a one-time configuration (OTC) file, in which you define the user configurations. After saving the file, restart the Cortex XSOAR server. The OTC file is automatically deleted.

Note

If the Cortex XSOAR server is deployed under a custom path, you also need to update the demisto.conf file.

  1. Create a new administrator.

    1. As the root user, create a /var/lib/demisto/otc.conf.json file with content similar to the following by using the touch (create) and vim (edit) commands.

      {
    "users": [
        {
            "username": "newadmin",
            "password": "veryStrongPassword!",
            "email": "admin@example.com",
            "phone": "+650-123456",
            "name": "New Admin Dude",
            "defaultAdmin": true,
            "roles": {
                "demisto": [
                    "Administrator"
                ]
            }
        }
    ]
}

      Note

      The username needs to be a completely new user in the system. For example, if there was a username newadmin, it should be called something else, like newadmin2.

      If you do not want the new administrator to be the default administrator, remove defaultAdmin or change it to false.

    2. Save the file.

    3. Ensure the file has demisto:demisto ownership by typing the following command:

      chown demisto:demisto /var/lib/demisto/otc.conf.json

  2. (Optional) If the Cortex XSOAR server is deployed under a custom path, update the demisto.conf file.

    1. Create a backup copy of the demisto.conf file.

    2. Edit the demisto.conf file by adding the following keys and values:

      "Server": {
"HttpsPort": "443",
"ProxyMode": true,
"OneTimeConfPath": "/DATA/var/lib/demisto/otc.conf.json"
},

      Note

      The custom path above is /DATA/var/lib/ where demisto is installed. The provided path is provided as an example.

      The comma after true,, which must be added.

      Note

  3. Restart the Cortex XSOAR by running the following command:

    systemctl restart demisto

    The file is removed when Cortex XSOAR restarts.

  4. Log in to Cortex XSOAR by using the new administrator credentials created in step 1.

    In this example, the username is newadmin and the password is veryStrongPassword!.

  5. Change the current administrator’s password.

    1. Go to SettingsUSERS AND ROLESUsers, select the current administrator checkbox and click Reset P/W.

    2. Change the new password as required, and click Save.

    3. Log out of Cortex XSOAR.

  6. (Optional) Remove the new administrator you created in step 1.

    1. Login to Cortex XSOAR using the current administrator credentials, including the new password.

    2. Go to SettingsUSERS AND ROLESUsers, select the new administrator checkbox and click Remove.

      If the new administrator is also a default administrator you can remove the user by selecting the user, clicking Roles, and unchecking the Set as Default Admin checkbox.