Hello Olivier,
I'm glad you're using Apache Syncope.
> Is it actually possible to disable this default admin user?
short answer no.
The main things to do in order to handle security stuff in production are:
change the security.adminPassword property in core.properties so not using
the default admin password. Of Course you can change the security.adminUser
too in order to change the admin username.
Never use the root admin for daily tasks. Create specific Roles and Users
with granular Entitlements for your team.
These are the main things to do.
After that you can tune Syncope audit too in order to log every action
performed by the admin account.
Hope that clarifies.
Best regards,
Lorenzo
Il giorno ven 6 mar 2026 alle ore 09:42 PAREIGE, Olivier via user <
[email protected]> ha scritto:
> Hi,
>
>
>
> I have a question regarding the default administration account configured
> through the security.adminUser property.
>
>
>
> Is it actually possible to disable this default admin user?
>
>
> If not, what is the recommended way to handle and secure it in a
> production setup?
>
>
>
> Best regards,
>
> Olivier Pareige
> This message contains information that may be privileged or confidential
> and is the property of the Capgemini Group. It is intended only for the
> person to whom it is addressed. If you are not the intended recipient, you
> are not authorized to read, print, retain, copy, disseminate, distribute,
> or use this message or any part thereof. If you receive this message in
> error, please notify the sender immediately and delete all copies of this
> message.
>
--
--
Lorenzo Di Cola
Software Engineer @ Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173http://www.tirasa.net
Apache Syncope Committer
Syncope PMC Member at The Apache Software Foundation
http://people.apache.org/phonebook.html?uid=loredicola
