This post describes the method to recover expired or lost passwords for the Cisco ISE GUI. Admin passwords can be different for CLI and GUI.
You can reset the admin GUI password by logging in to Cisco ISE CLI. If the CLI password is also expired or lost then you need to reset the Cisco ISE CLI password.
To reset or recover expired/lost passwords for Cisco ISE GUI follow the below steps.
Step 1. Log in to the Cisco ISE CLI admin account using SSH or console.
Remember that the console admin account is different than the web UI admin account. They have the same username but can have different passwords.
Step 2. From the command prompt, use the application reset-passwd ise admin command to set a new web UI admin password.
application reset-passwd ise <username-here>
Step 3. The prompt to reset the password appears as shown in this image.
Step 4. Enter the new password as required.
Step 5. Test the new password by login to GUI using new password.
Disable or change the expiry period for the admin password for Cisco ISE
Cisco ISE has a default expiry period of 45 days for the admin password. You can change disable or change the expiry period by following the method.
In the ISE GUI navigate to Administration > System > Admin Access > Authentication > Password Policy and uncheck ‘Administrator passwords expire # days after creation or last change’.