This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kaliuga
Explorer
‎2024-05-08 12:55 AM
Jump to solution

Creating an administrator using mgmt_cli

Hi! I am looking for a way to create an admin using mgmt_cli.

I already found the Management API documentation, but I can't find the commands to publish the changes. For example: 

To create an administrator with an api key authentication method:

mgmt_cli add administrator name admin authentication-method api key permissions-profile read only all  expiration-date never --domain System Data

To generate an api key for it:

mgmt_cli add api-key admin-name admin --domain System Data --format json

To enable the API service:

mgmt_cli set api-settings accepted-api-calls-from all ip addresses that can be used for gui clients --domain System Data --format json

and after that:

mgmt_cli -r true --domain MDS set api-settings accepted-api-calls-from "All IP addresses"

api restart

api status

 

Questions:

Is everything right with these commands?

Do I still need to run the publish changes command? If yes, how it looks? I found only show last-published-session and purge-published-sessions.

And do I need to run two commands to enable the API service or just "mgmt_cli -r true ..." is enough?

 

Thank you in advance!

0 Kudos
1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee
‎2024-05-08 01:03 AM
Jump to solution

If you are not using the session ID it should publish automatically right after the command is executed.

So for example from the Check Point Management API Reference guide:

https://sc1.checkpoint.com/documents/latest/APIs/?#cli/add-administrator~v1.9.1%20

 

Using this command should also publish:

mgmt_cli add administrator name "admin" password "secret" must-change-password false email "admin@gmail.com" phone-number "1800-800-800" authentication-method "check point password" permissions-profile "read write all"  --domain 'System Data' --format json

 

 

There is no need to restart the API service. It should run properly by default.

 

View solution in original post

2 Replies
Tal_Paz-Fridman
Employee
Employee
‎2024-05-08 01:03 AM
Jump to solution

If you are not using the session ID it should publish automatically right after the command is executed.

So for example from the Check Point Management API Reference guide:

https://sc1.checkpoint.com/documents/latest/APIs/?#cli/add-administrator~v1.9.1%20

 

Using this command should also publish:

mgmt_cli add administrator name "admin" password "secret" must-change-password false email "admin@gmail.com" phone-number "1800-800-800" authentication-method "check point password" permissions-profile "read write all"  --domain 'System Data' --format json

 

 

There is no need to restart the API service. It should run properly by default.

 

the_rock
Legend
Legend
‎2024-05-08 06:42 AM
Jump to solution

Thats it, what @Tal_Paz-Fridman sent. I did it before and does work.

Andy

https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-administrator~v1.9.1%20

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events