FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Article Id 197356


This article is to describe a way to reset the admin password in order to log in, in case of an account lockout.



Here is a step by step guide to reset the admin password.

Part 1 - Creating a New Admin User:

    1. Log into FortiSIEM through SSH using root user access.

    2. Run:

      psql -d phoenixdb -U phoenix -f /opt/phoenix/deployment/add-super-admin.sql

    3. A new user will be added to FortiSIEM
Username: test
Password: test*1
Organization: super
NOTE: on 6.1+ version of FortiSIEM
Username: test
Password: Test*123
Organization: super

NOTE: FortiSIEM Service Provider Mode will require the Organization, If FortiSIEM is utilizing enterprise Mode the Organization will not be necessary to enter while logging into the UI

This user will be allowed to log into FortiSIEM as a full administrator.  The administrator should be able to make the necessary changes to the FortiSIEM environment afterwards.

Part 2 - Resetting the Admin Password

    1. Log onto FortiSIEM with the new user "test"

    2. Head to the CMDB and find the target admin user that is locked out

    3. Edit the User and make the changes to their password and unlock the user.

    4. Log out, and access the admin account.