Regain admin control

This page explains how to re-gain administrative control over an M-Pin SSO instance without a regular admin User account. This solution requires administrator-level access to the machine on which the M-Pin SSO instance is installed.

Re-gaining administrative control over an M-Pin SSO instance without a regular admin User account might be necessary in cases when admin-level access is needed, but admin User accounts either don't exist cannot be used for some reason. A typical case is when the Default Admin User account becomes unaccessible before any other Users with administrative privileges has been created in the M-Pin SSO System.

As the access to M-Pin SSO is device-/browser-specific, if you lose the device or browser with which you have logged-in first as Default Admin User and if this happens before creating any other admin Users, you will be locked out of the System, or at least out of its administration modules.

The solution in such cases is to re-create the Default Admin User account: this will allow you to log-in to your M-Pin SSO in the same manner in which you log in for the first time after its initial installation.

  • Administrator-level access to the machine on which the M-Pin SSO instance is installed

  • The Default Admin User account (called "initial-setup") blocked or deleted. ‚Äč The system will not allow you to re-create the initial-setup account if this account is currently active; in such cases, have the initial-setup account de-activated first by entering the wrong PIN at log-in enough times to have the system block it (3 times by default).

To re-create the Default Admin User account:

  1. From the console of your M-Pin SSO machine, run the following set of commands:

    sudo su
    su - mpin
    export PYTHONPATH=/opt/sso/libs
    export LD_LIBRARY_PATH=/opt/sso/libs
    ./authentic2-ctl create_initial_setup activate

    The following console output will indicate that the Default Admin User account (called "initial-setup") has been re-created successfully and is now operational:

    The Initial Setup user already exists
    The Initial Setup user is activated. Please setup your registration
  2. Access the initial-setup account with a web browser. You will be prompted to create a PIN, after which you will be able to log in to your M-Pin SSO System as the Default Admin User ("initial-setup" user).