Securing IMC
As a best practice to secure IMC, perform the following tasks:
Change the password of the IMC superuser admin immediately after the first login.
Tie the administrative accounts to a central AAA server via LDAP or RADIUS.
Retain one administrative account (not named admin) with a local password to recover from loss of access to the AAA server.
Enable the verification code feature on the IMC login page.