System admin user

AI summary
Describes the Imply Lumi Enterprise system admin user and its role in configuring authentication. Explains how to manage system admin access and when to disable it. Covers best practices for maintaining fallback login options.

This information applies to Lumi Enterprise.

The system admin is a built-in user in Imply Lumi Enterprise with administrative access to all features of the deployment. The system admin user is enabled by default. Use it to configure external identity providers (IdPs) for single sign-on (SSO) authentication.

Log in as system admin

When you deploy Lumi Enterprise, you specify system admin credentials in main.tf using the admin_email and admin_initial_password properties. Use these credentials to log in as the system admin user.

Tip: Keep your system admin login credentials confidential, since the system admin user has full administrative access to the deployment.

To log in as the system admin user:

  1. On the Log in page, click More options.
  2. Click Log in as system admin.
  3. Enter your username and password.
  4. Click Log in as system admin.

Figure: System admin login

Manage system admin access

You only need to log in as the system admin to add your first IdP. To add more IdPs, you can log in through your existing IdP. The account you use to log in must belong to an IdP group mapped to the Admin role in Lumi. For information on Lumi roles, see Manage roles. For information on SSO configuration, see Configure SAML SSO for Lumi Enterprise.

Disable the system admin user

The system admin user is enabled by default. To disable the system admin user, set the admin_user_enabled property to false in main.tf, then run terraform apply. Note that if SSO becomes unavailable after disabling the system admin user, there is no fallback login option until you re-enable the system admin user.

Consider keeping the system admin user enabled as a fallback for the following reasons:

  • Replacing the X.509 certificate after your IdP rotates its signing certificate
  • Mapping new IdP groups to Lumi roles
  • Fixing a misconfiguration, such as a wrong SSO URL or Entity ID
  • Finishing an incomplete SSO setup

Enable the system admin user

To re-enable a previously disabled system admin user, set the admin_user_enabled property to true in main.tf, then run terraform apply.
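The following pre-apply check is an added example, not part of the Imply documentation or tooling: it reads main.tf and reports whether admin_initial_password is stored as a literal and whether admin_user_enabled removes the fallback login. The sample file contents, the module block name and its source are constructed placeholders; only the three property names come from this page.

```python
import re

# Matches the three system admin properties named on this page.
ASSIGN = re.compile(
    r'^\s*(admin_email|admin_initial_password|admin_user_enabled)\s*=\s*'
    r'("(?:[^"\\]|\\.)*"|[^\s#]+)',
    re.MULTILINE,
)

# Constructed sample; the module block name and source are placeholders.
SAMPLE_MAIN_TF = '''
module "lumi" {
  source                 = "./placeholder-module"
  admin_email            = "admin@example.com"
  admin_initial_password = "constructed-sample-only"
  admin_user_enabled     = false
}
'''


def audit_main_tf(text):
    """Report how main.tf configures the system admin user."""
    props = {m.group(1): m.group(2) for m in ASSIGN.finditer(text)}
    findings = []

    password = props.get("admin_initial_password", "")
    # A quoted string without interpolation is a secret stored in the file.
    password_literal = password.startswith('"') and "${" not in password
    if password_literal:
        findings.append("admin_initial_password is a literal in main.tf: "
                        "restrict access to the file and its history")

    # The system admin user is enabled unless the property is set to false.
    admin_enabled = props.get("admin_user_enabled", "true") != "false"
    if not admin_enabled:
        findings.append("admin_user_enabled = false: no fallback login "
                        "if SSO becomes unavailable")

    return {"password_literal": password_literal,
            "admin_enabled": admin_enabled,
            "findings": findings}


if __name__ == "__main__":
    for finding in audit_main_tf(SAMPLE_MAIN_TF)["findings"]:
        print("WARN", finding)
```

Run it against the real file contents before terraform apply, for example in a review step, so that a change disabling the system admin user is an explicit decision.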

Learn more

See the following topics for more information: