Administer > Service Manager Service Portal Administration Guide > Changing HPE Service Manager Service Portal Default User Accounts' Passwords

Changing HPE Service Manager Service Portal Default User Accounts' Passwords

HPE Service Manager Service Portal has built-in user accounts. The user accounts are used to authenticate REST API calls and for initial setup and experimentation with the product. For security reasons, HPE recommends that you change the default passwords associated with these accounts, however, do not change the user names. You can also disable the admin, orgadmin, and consumer user accounts and create your own users with identical roles.

Important: Do not create users in your LDAP directory that match the users provided by HPE Service Manager Service Portal The HPE Service Manager Service Portal users are: admin, orgadmin, consumer, idmTransportUser, ooInbounduser, and sxCatalogTransportUser. Creating an identical user in LDAP could allow an HPE Service Manager Service Portal user unintended access to the HPE Propel Management Console or give the LDAP user unintended privileges.

Besides changing the passwords for the built-in HPE Service Manager Service Portal user accounts, HPE recommends that you also change the default password for the root user on the HPE Service Manager Service Portal host. For details about changing the root password, refer to the passwd(1) manpage.

In the following instructions, $PROPEL_HOME represents the /opt/hp/propel directory on the HPE Service Manager Service Portal host. You can set this as an environment variable with the following command on the HPE Service Manager Service Portal host:

# export PROPEL_HOME=/opt/hp/propel

Change Passwords for HPE Propel Management Console User Accounts

The following HPE Service Manager Service Portal user account is used to access administrative applications in the HPE Propel Management Console.

admin User: HPE Propel Management Console
Username admin
Default Password propel
Usage This Administrator account is used to log in to the HPE Propel Management Console to manage HPE Service Manager Service Portal settings across all of the organizations.
To Disable

You should disable this account only after you have set up and verified a user with the HPE Service Manager Service Portal Administrator role in the HPE Propel Management Console.

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/ provider-users.properties file. Update the admin property to disable this user account. For example, set admin to the following value. (This value should be encrypted.):

propel,ROLE_REST,disabled

Note: This property not only contains the password, but also the roles that control access to HPE Service Manager Service Portal and if the account is enabled

By default, the unencrypted value of this property is:
propel,DIAGNOSTICS_ADMIN,SUPPLIER_VIEWER,CONTENT_ADMIN,LICENSE_ADMIN,
SUPER_IDM_ADMIN,ROLE_REST,enabled

See Encrypt a Password - HPE Service Manager Service Portal User Accounts for instructions on how to encrypt this value. The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

To Change Password

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/ provider-users.properties file. Update the password value of the admin property and encrypt the entire value, including the roles and the account status. (See Encrypt a Password - HPE Service Manager Service Portal User Accounts for instructions on how to encrypt this value.) The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

You must also update and use the same password for every REST API call that uses the password.

Note: This property not only contains the password, but also the roles that control access to HPE Service Manager Service Portal and if the account is enabled.

By default, the unencrypted value of this property is:
propel,DIAGNOSTICS_ADMIN,SUPPLIER_VIEWER,CONTENT_ADMIN,LICENSE_ADMIN,
SUPER_IDM_ADMIN,ROLE_REST,enabled

Change Passwords for HPE Service Manager Service Portal User Accounts

The following HPE Service Manager Service Portal user accounts are used to access applications in the HPE Service Manager Service Portal.

orgadmin User: HPE Service Manager Service Portal
Username orgadmin
Default Password propel
Usage This Organization Administrator account is used to access both the HPE Service Manager Service Portal and HPE Service Manager Service Portal administrative applications for an organization, such as Catalog Connect and Policies. (LDAP does not have to be configured.) This user belongs to the "HPE Service Manager Service Portal consumer internal group" and is a member of the HPE Service Manager Service Portal Consumer organization. (Both the group and the user are provided as samples.)
To Disable

You should disable this account only after you have set up and verified a user with the HPE Service Manager Service Portal Organization Administrator role in the HPE Service Manager Service Portal.

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/
consumer-users.properties
file. Update the orgadmin property to disable this user account. For example, set orgadmin to the following value. (This value should be encrypted.):

propel,SERVICE_CONSUMER,ROLE_REST,disabled

Note: This property not only contains the password, but also the roles that control access to HPE Service Manager Service Portal and if the account is enabled

By default, the unencrypted value of this property is:
propel,IDM_ADMIN,CATALOG_ADMIN,AGGREGATION_ADMIN,CONSUMER,SUPPORT,
SUBSCRIPTION_ADMIN,SUPPLIER_ADMIN,ROLE_REST,enabled

See Encrypt a Password - HPE Service Manager Service Portal User Accounts for instructions on how to encrypt this value. The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

To Change Password

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/
consumer-users.properties
file. Update the password value of the orgadmin property and encrypt the entire value, including the roles and the account status. (See Encrypt a Password - HPE Service Manager Service Portal User Accounts for instructions on how to encrypt this value.) The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

Note: This property not only contains the password, but also the roles that control access to HPE Service Manager Service Portal and if the account is enabled.

By default, the unencrypted value of this property is:
propel,IDM_ADMIN,CATALOG_ADMIN,AGGREGATION_ADMIN,CONSUMER,SUPPORT,
SUBSCRIPTION_ADMIN,SUPPLIER_ADMIN,ROLE_REST,enabled

 

consumer User: HPE Service Manager Service Portal
Username consumer
Default Password propel
Usage This consumer account is used to log in to the HPE Service Manager Service Portal. (LDAP does not have to be configured.) This user belongs to the “HPE Service Manager Service Portal consumer internal group” and is a member of the HPE Service Manager Service Portal Consumer organization. (Both the group and the user are provided as samples.
To Disable

You should disable this account only after you have set up and verified a user with the HPE Service Manager Service Portal Consumer role in the HPE Service Manager Service Portal.

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/
consumer-users.properties
file. Update the consumer property to disable this user account. For example, set consumer to the following value. (This value should be encrypted.):

propel,CONSUMER,SUPPORT,ROLE_REST,disabled

Note: This property not only contains the password, but also the roles that control access to HPE Service Manager Service Portal and if the account is enabled

By default, the unencrypted value of this property is: propel,CONSUMER,SUPPORT,ROLE_REST,enabled

See Encrypt a Password - HPE Service Manager Service Portal User Accounts for instructions on how to encrypt this value. The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

To Change Password

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/
consumer-users.properties
file. Update the password value of the consumer property and encrypt the entire value, including the roles and the account status. (See Encrypt a Password - HPE Service Manager Service Portal User Accounts for instructions on how to encrypt this value.) The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

Note: This property not only contains the password, but also the roles that control access to HPE Service Manager Service Portal and if the account is enabled.

By default, the unencrypted value of this property is: propel,CONSUMER,SUPPORT,ROLE_REST,enabled