https://community.checkpoint.com/t5/Firewall-and-Security-Management/Creating-an-administrator-using-mgmt-cli/m-p/213593#M40705 <P>If you are not using the session ID it should publish automatically right after the command is executed.</P> <P>So for example from the Check Point Management API Reference guide:</P> <P><A href="https://sc1.checkpoint.com/documents/latest/APIs/?#cli/add-administrator~v1.9.1%20" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/latest/APIs/?#cli/add-administrator~v1.9.1%20</A></P> <P>&nbsp;</P> <P>Using this command should also publish:</P> <PRE class="code">mgmt_cli add administrator name "admin" password "secret" must-change-password false email "admin@gmail.com" phone-number "1800-800-800" authentication-method "check point password" permissions-profile "read write all" --domain 'System Data' --format json</PRE> <P>&nbsp;</P> <P>&nbsp;</P> <P>There is no need to restart the API service. It should run properly by default.</P> <P>&nbsp;</P> Wed, 08 May 2024 08:04:11 GMT Tal_Paz-Fridman 2024-05-08T08:04:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Creating-an-administrator-using-mgmt-cli/m-p/213590#M40704 <P><SPAN class=""><SPAN class="">Hi! I am looking for a way to create an admin using mgmt_cli.</SPAN></SPAN></P><P><SPAN class=""><SPAN class="">I already found the Management API documentation, but I can't find the commands to publish the changes.</SPAN></SPAN> <SPAN class=""><SPAN class="">For example:</SPAN></SPAN>&nbsp;</P><P><SPAN class=""><SPAN class="">To create an administrator with an api key authentication method:</SPAN></SPAN></P><P><EM><SPAN class=""><SPAN class="">mgmt_cli add administrator name admin authentication-method api key permissions-profile read only all&nbsp; expiration-date never --domain System Data</SPAN></SPAN></EM></P><P><SPAN class=""><SPAN class="">To generate an api key for it:</SPAN></SPAN></P><P><EM><SPAN class=""><SPAN class="">mgmt_cli add api-key admin-name admin --domain System Data --format json</SPAN></SPAN></EM></P><P><SPAN class=""><SPAN class="">To enable the API service: </SPAN></SPAN></P><P><SPAN class=""><SPAN class=""><EM>mgmt_cli set api-settings accepted-api-calls-from all ip addresses that can be used for gui clients --domain System Data --format json</EM> </SPAN></SPAN></P><P><SPAN class=""><SPAN class="">and after that: </SPAN></SPAN></P><P><EM><SPAN class=""><SPAN class="">mgmt_cli -r true --domain MDS set api-settings accepted-api-calls-from "All IP addresses" </SPAN></SPAN></EM></P><P><EM><SPAN class=""><SPAN class="">api restart </SPAN></SPAN></EM></P><P><EM><SPAN class=""><SPAN class="">api status</SPAN></SPAN></EM></P><P>&nbsp;</P><P><SPAN class=""><SPAN class="">Questions: </SPAN></SPAN></P><P><SPAN class=""><SPAN class="">Is everything right with these commands?</SPAN></SPAN></P><P><SPAN class=""><SPAN class="">Do I still need to run the publish changes command? If yes, how it looks? I found only <SPAN>show last-published-session and&nbsp;purge-published-sessions.</SPAN></SPAN></SPAN></P><P><SPAN class=""><SPAN class="">And do I need to run two commands to enable the API service or just "mgmt_cli -r true ..." is enough?</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN class="">Thank you in advance!</SPAN></SPAN></P> Wed, 08 May 2024 07:55:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Creating-an-administrator-using-mgmt-cli/m-p/213590#M40704 kaliuga 2024-05-08T07:55:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Creating-an-administrator-using-mgmt-cli/m-p/213593#M40705 <P>If you are not using the session ID it should publish automatically right after the command is executed.</P> <P>So for example from the Check Point Management API Reference guide:</P> <P><A href="https://sc1.checkpoint.com/documents/latest/APIs/?#cli/add-administrator~v1.9.1%20" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/latest/APIs/?#cli/add-administrator~v1.9.1%20</A></P> <P>&nbsp;</P> <P>Using this command should also publish:</P> <PRE class="code">mgmt_cli add administrator name "admin" password "secret" must-change-password false email "admin@gmail.com" phone-number "1800-800-800" authentication-method "check point password" permissions-profile "read write all" --domain 'System Data' --format json</PRE> <P>&nbsp;</P> <P>&nbsp;</P> <P>There is no need to restart the API service. It should run properly by default.</P> <P>&nbsp;</P> Wed, 08 May 2024 08:04:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Creating-an-administrator-using-mgmt-cli/m-p/213593#M40705 Tal_Paz-Fridman 2024-05-08T08:04:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Creating-an-administrator-using-mgmt-cli/m-p/213648#M40717 <P>Thats it, what&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/585">@Tal_Paz-Fridman</a>&nbsp;sent. I did it before and does work.</P> <P>Andy</P> <P><A href="https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-administrator~v1.9.1%20" target="_blank">https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-administrator~v1.9.1%20</A></P> Wed, 08 May 2024 13:42:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Creating-an-administrator-using-mgmt-cli/m-p/213648#M40717 the_rock 2024-05-08T13:42:27Z