Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Create Authentication token issue for Local user in SSO Enabled Saviynt

gauravchandok
New Contributor III
New Contributor III

‎11/08/2023 02:23 AM - edited ‎11/13/2023 09:35 PM

Dear all,

I created a local user in SSO enabled Saviynt and set the password from Admin function.

I have set the localAuthEnabled as 1 and when I try to execute the authentication API (/ECM/api/login), I always get Invalid username or password and 401 errorcode error although I am passing the correct username and password.

I played around and have logged in using this user via SSO, as our SSO is configured to work on saviynt user's email attribute so i put my team mate's email address in this user in Saviynt and logged in and set the security questions.

Please help in solving this.

Note: I have never logged into Saviynt with this user's Saviynt password.

 

Disabling the SSO and then again setting the password, then login from UI and setting security questions solved the issue.

Thanks

0 Kudos
1 REPLY 1

Manu269
All-Star
All-Star

‎11/08/2023 03:17 AM

please find the detailed response as below :

For a user on v23.7 or later - here's the "easy" solution our professional services team came up with:

  1. Go to Global Configuration -> Identity Lifecycle -> Register User form -> Action -> Create
  2. Create a dynamic attribute as follows:
    1. Name: LocalAuthEnabled
    2. Request Type: User
    3. Label: Set LocalAuthEnabled
    4. Attribute Type: Boolean
    5. User Column: localAuthEnabled
    6. Select Editable on Update and Hide on Create
    7. Action: Mapping
  3. Go to User Modification Auto Approve and check that box.
  4. Go to Home -> Update User Request -> Search the user and you will see the form being opened where you will have the Localauthenabled attribute that you created
  5. Select true and submit. 
  6. Repeat for other users as needed
  7. Go back to User Modification Auto Approve and uncheck that box.

For lower instance :

you should be able to use the admin account that was provided at the time of setting up the instance.

If there is no access to any local accounts that can be used to make the API calls, please run the custom query job with the below query to update the flag.

(Note: CustomQuery is planned to be deprecated in the future versions)

update users set passwordexpired=0, localauthenabled=1 where username='SAVIyntXXXXX'

If you are still seeing a 401 error, then reset the password from UI and again execute the above query and try it

Hope this helps.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos
Copyright © 2024 Khoros, LLC