In WebSphere admin console, expand Security and select Global security to determine if administrative security is enabled.
When creating a profile, if the -enableAdminSecurity, -adminUserName, and -adminPassword options were not used, administrative security will not be enabled.
When administrative security is not enabled, you will be able to sign into the web console simply by pressing Log in without having to provide a username.
To require users to provide a username and password to access the WebSphere web console, select a user account registry and create a primary administrative user account, enable administrative security, select save, and then sign out of the web console. It is noteworthy that application security will also be enabled by administrative security is enabled.
Restart the application server or dmgr, and you should now be required to provide a username and password to be able to sign into the web console.