Find the Super Admin Credentials and API Token

Sysdig on-premises installations contain several configuration options only available to the initial admin user, or “super” admin user. This section outlines the steps for locating the super admin user (if you do not know who it is) and using the super user login token.

The Sysdig Monitor web interface does not currently provide a way to identify the super user. If you are trying to use the API to make a configuration change and it fails due to insufficient privileges, you can use the API to locate the super user.

Find Super Admin Credentials

Two approaches:

1. Access the API endpoint to list users directly via curl and parse the JSON output to locate the user with “ROLE_ADMIN” listed in the “roles” section.

# curl -k \
    -H 'Authorization: Bearer xxxxxxxx-yyyy-zzzz-aaaa-bbbbbbbbbbbb' \
    https://<your-sysdig-monitor-hostname>/api/users \
    | python -m json.tool

Output:

{
    "users": [
        {
        ....
            "roles": [
                "ROLE_ADMIN",
                "ROLE_CUSTOMER",
                "ROLE_USER"
             ],
             "username": "your-super-admin@example.com"
        },
        ...
    ]
}

2. Use this example Python script that leverages the Sysdig Monitor API.

export SDC_SSL_VERIFY="false"
export SDC_URL="https://<your-sysdig-monitor-hostname>"
# python list_admins.py xxxxxxxx-yyyy-zzzz-aaaa-bbbbbbbbbbbb

Output:

Admin users
-----------
your-super-admin@example.com
regular-admin@example.com

Super Admins
------------
your-super-admin@example.com

Find Sysdig API Token

As with any user, you can then obtain the API token by logging in as the “super” admin to the Sysdig UI.

When using the Sysdig API with custom scripts or applications, an API security token (specific to each team) must be supplied.

  1. Log in to Sysdig Monitor or Sysdig Secure and select Settings.

  2. Select User Profile. The Sysdig Monitor or Sysdig Secure API token is displayed (depending on which interface and team you logged in to).

  3. You can view and copy the token for use, or click the Reset Token button to generate a new one.

When reset, the previous token issued will immediately become invalid and you will need to make appropriate changes to your programs or scripts.