This is a cache of https://docs.openshift.com/acs/4.5/operating/manage-user-access/remove-admin-user.html. It is a snapshot of the page at 2024-11-28T18:09:31.962+0000.
Removing the admin user - Managing user access | Operating | Red Hat Advanced Cluster Security for Kubernetes 4.5
×

Red Hat Advanced Cluster Security for Kubernetes (RHACS) creates an administrator account, admin, during the installation process that can be used to log in with a user name and password. The password is dynamically generated unless specifically overridden and is unique to your RHACS instance.

In production environments, it is highly recommended to create an authentication provider and remove the admin user.

Removing the admin user after installation

After an authentication provider has been successfully created, it is strongly recommended to remove the admin user.

Removing the admin user is dependent on the installation method of the RHACS portal.

Procedure

Perform one of the following procedures:

  • For Operator installations, set central.adminPasswordGenerationDisabled to true in your Central custom resource.

  • For Helm installations:

    1. In your Central Helm configuration, set central.adminPassword.generate to false.

    2. Follow the steps to change the configuration. See "Changing configuration options after deployment" for more information.

  • For roxctl installations:

    1. When generating the manifest, set Disable password generation to false.

    2. Follow the steps to install Central by using roxctl to apply the changes. See "Install Central using the roxctl cli" for more information.

After applying the configuration changes, you cannot log in as an admin user.

You can add the admin user again as a fallback by reverting the configuration changes. When enabling the admin user again, a new password is generated.