FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 197356

Description

 

This article describes how to regain access and reset the admin password when the admin account is locked out.

 
Scope
 
FortiSIEM.


Solution

 

Part 1. Creating a New Admin User:

 

  1. Log into FortiSIEM through SSH using root user access.
  2. Run:

psql -d phoenixdb -U phoenix -f /opt/phoenix/deployment/add-super-admin.sql

 

  3. A new user will be added to FortiSIEM:

Username: test
Password: test*1
Organization: super

 

Note: On FortiSIEM version 6.1 and later:

 

Username: test
Password: Test*123
Organization: super

 

Note: On FortiSIEM version 7.2.2 and later:

 

Username: test_fsm
Password: Test*123
Organization: super

 

Note: FortiSIEM in Service Provider mode requires the Organization at login. If FortiSIEM is running in Enterprise mode, the Organization does not need to be entered when logging into the UI.

This user will be allowed to log into FortiSIEM as a full administrator. The administrator should be able to make the necessary changes to the FortiSIEM environment afterward.

 

Note: This procedure is not valid for FortiSIEM Cloud, as there is no CLI access to the supervisor.
For FortiSIEM Cloud, open a ticket with Technical Support asking them to apply the procedure above. After the test user has been created, Part 2 below can also be performed on the Cloud platform.

 

Be aware of a bug in versions 7.1.x through 7.2.1, which displays the following error: 'TypeError Cannot read properties of null (reading fullAdmin)'.
This has been fixed in version 7.2.2. Upgrade to version 7.2.2 or higher. As an alternative, ask support to provide the fixed version of add-super-admin.sql. Once the file is available, follow the workaround below.

 

Workaround.

 

Delete the old file and copy the fixed version into place with SCP.

 

rm -f /opt/phoenix/deployment/add-super-admin.sql
scp add-super-admin.sql serverIP:/opt/phoenix/deployment/add-super-admin.sql

 

Once this is done, run the password recovery steps from Part 1 again.
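
The file being replaced creates a super administrator when it is run, so it is worth checking before it goes into place. The following is an added example, not part of the original article or a Fortinet script: it assumes the fixed file was first copied to a staging path on the supervisor and that a SHA-256 digest for it was obtained separately (for example in the support ticket); the function name install_fixed_sql is hypothetical.

```shell
#!/bin/sh
# Added example: install a replacement add-super-admin.sql only if its SHA-256
# matches the expected value, and keep a backup of the original instead of rm -f.
# Assumption: the expected digest comes from a channel other than the file transfer.

# install_fixed_sql NEW_FILE EXPECTED_SHA256 [DEST]
# Returns 0 on success, 1 on missing input or copy failure, 2 on digest mismatch.
install_fixed_sql() {
    new_file=$1
    expected=$2
    dest=${3:-/opt/phoenix/deployment/add-super-admin.sql}

    [ -f "$new_file" ] || { echo "missing: $new_file" >&2; return 1; }
    [ -n "$expected" ] || { echo "no expected digest given" >&2; return 1; }

    # Normalise case so a digest pasted in upper case still compares equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$new_file" | awk '{print $1}')

    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch, not installing (got $actual)" >&2
        return 2
    fi

    # Keep the original so the change can be reverted.
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.bak.$(date +%Y%m%d%H%M%S)" || return 1
    fi

    # Copy to a temporary name in the same directory, then rename, so psql
    # never reads a half-written file. Mode 600 assumes psql is run as root,
    # as in Part 1 of the article.
    tmp="$dest.new.$$"
    cp "$new_file" "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest"
}

# Usage (constructed path and placeholder digest):
#   install_fixed_sql /root/staging/add-super-admin.sql <sha256-from-support>
```
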

 

Part 2. Resetting the Admin Password.

 

  1. Log onto FortiSIEM with the new user 'test_fsm'.
  2. Head to the CMDB and find the target admin user that is locked out.
  3. Edit the User, make the changes to the password, and unlock the user.
  4. Log out, and access the admin account.

Alternatively, a user can be unlocked without a password reset from the 'Current User Activity' menu (the icon in the top-right corner of the GUI): Current User Activity -> Locked Users.

 

 

Important: For security purposes, as soon as the admin account is accessible again, remove the temporary account from the system through the GUI. The test user credentials are publicly available, so the account should remain active only for a very short time.
This can be done from the CMDB -> Users page.