Cloud Management and AIOps


This is an IBM Automation portal for Cloud Management, Technology Cost Management, Network Automation and AIOps products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace SevOne
Categories Network Management System (NMS)
Created by Guest
Created on Dec 16, 2025

RELATED IDEAS

When SSO is enforced, there should be a supported way to disable admin account login

As of NPM 8.1, the ability to enforce SSO and disable all password login is supported. However, the admin (uid=1) user is exempt from this as a failsafe.

A client would like to a supported way to disable the admin user, when SSO is enforced, as a requirement for their production environment to allow no password login for any user, including 'admin'. Right now, they use a CRUD query on the backend to accomplish this, which isn't supported in the product. A supported way to do this, either with a backend SevOne-act framework command or similar, or a frontend Cluster Settings switch, would be desirable. There are concerns about administrators accidentally locking the admin account if this were implemented in the frontend GUI, so a backend way to re-enable it as a break-glass procedure would be required.

Idea priority Low
  • Admin
    Ryan Wilson
    Dec 16, 2025

    Kevin & Richard,

    There are tradeoffs to disabling the admin account entirely. It is the failsafe account to use in case SSO auth breaks. There are COMSEC methods to safeguard against unauthorized access to the admin user account without removing or blocking it, essentially allowing a "break the glass in case of emergency" way to access the front-end. It's also possible to completely randomize the password such that login ability is lost outside of brute force password cracking, which can be resisted against with appropriate lockout settings to temporarily disable the admin account.

    For this idea to be considered I would like to first see a documented requirement (publication name, paragraph, section, etc.) to review. If this request is a want vs a need, we would first prefer workarounds to be explored first. For now, this is not under consideration, but that can change depending on the response and need.

    1 reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.