For an added layer of access security, users can create a secondary local admin account to help reconcile a compromised primary admin account. Once activated, this user will have exactly the same privileges as the admin account and will exist in the local realm.
There are several things to consider when creating your reconciliation user:
- The user can only be activated once by the admin user.
- The password can be changed anytime after it is activated.
- The user can't be named "admin".
- The username can't be changed once it has been activated.
- The user can't be deactivated.
To create a secondary local admin account:
When logged into the Admin App with the admin user account, click the user icon in the top right corner of the window.
Click REST API - Admin.
Click Try it out.
In the Edit Value field, enter the following required information:
- currentPassword: The password of the logged-in admin user
- password: The password for the reconciliation user
- clientId: The username for the reconciliation user