We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Create Authentication token issue for Local user in SSO Enabled Saviynt

New Contributor III
New Contributor III

Dear all,

I created a local user in SSO enabled Saviynt and set the password from Admin function.

I have set the localAuthEnabled as 1 and when I try to execute the authentication API (/ECM/api/login), I always get Invalid username or password and 401 errorcode error although I am passing the correct username and password.

I played around and have logged in using this user via SSO, as our SSO is configured to work on saviynt user's email attribute so i put my team mate's email address in this user in Saviynt and logged in and set the security questions.

Please help in solving this.

Note: I have never logged into Saviynt with this user's Saviynt password.


Disabling the SSO and then again setting the password, then login from UI and setting security questions solved the issue.




please find the detailed response as below :

For a user on v23.7 or later - here's the "easy" solution our professional services team came up with:

  1. Go to Global Configuration -> Identity Lifecycle -> Register User form -> Action -> Create
  2. Create a dynamic attribute as follows:
    1. Name: LocalAuthEnabled
    2. Request Type: User
    3. Label: Set LocalAuthEnabled
    4. Attribute Type: Boolean
    5. User Column: localAuthEnabled
    6. Select Editable on Update and Hide on Create
    7. Action: Mapping
  3. Go to User Modification Auto Approve and check that box.
  4. Go to Home -> Update User Request -> Search the user and you will see the form being opened where you will have the Localauthenabled attribute that you created
  5. Select true and submit. 
  6. Repeat for other users as needed
  7. Go back to User Modification Auto Approve and uncheck that box.

For lower instance :

you should be able to use the admin account that was provided at the time of setting up the instance.

If there is no access to any local accounts that can be used to make the API calls, please run the custom query job with the below query to update the flag.

(Note: CustomQuery is planned to be deprecated in the future versions)

update users set passwordexpired=0, localauthenabled=1 where username='SAVIyntXXXXX'

If you are still seeing a 401 error, then reset the password from UI and again execute the above query and try it

Hope this helps.

Manish Kumar
If the response answered your query, please Accept As Solution and Kudos