Saviynt Forums

yogesh2 · ‎07/30/2024

We are generating Temporary Access Passwords (TAP) for Azure AD accounts and have successfully made the necessary calls to get the TAPs from Azure using the Graph API. However, we need to securely store the TAP on the account object so we can email it to the end user. The challenge is that all account custom properties are stored as plain text and are visible in the Saviynt UI.

Is there a way to securely store the TAP in an encrypted or hashed format, ensuring it is not visible in the UI, while still being able to share it with the end user via email?

rushikeshvartak · ‎07/30/2024

Ideally it should not be stored

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

yogesh2 · ‎07/30/2024

Agreed, but then how do we send it to user without storing it?

rushikeshvartak · ‎07/30/2024

You must be calling multiple call from call response send on runtime. or encode using base64 and store in accounts CPS

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Ankyt19 · ‎08/04/2024

Hi @rushikeshvartak and @yogesh2 ,

I have tried this using PS . But can you help me know if you are using REST ,GraphAPI to send TAP to Manager?

Can you help me with JSON for same ?

Thanks

Ankit Jain

Ankyt19 · ‎08/06/2024

Hi @rushikeshvartak and @yogesh2 ,

Without storing TAP how can we send this as email to manager?

Also, what are your views on sendOTPJSON?

Thanks

#restConnection

rushikeshvartak · ‎08/06/2024

You can explore. Not tried

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

How to store account attributes securely - Azure AD TAP (Temporary Access Password) generation