and more in a single search tool across platforms. Read the announcement here. |
05/03/2023 12:36 PM
Hi Team,
We are trying to achieve automatic password rotation of a local admin account for a custom App: ZScaler.
We would require some information from Saviynt to proceed further:
1. Can we use API keys in ConnectionJSON, instead of Recon/Master account credentials? This API key will have the same permissions as any Recon/Master account on the App.
2. ZScaler has a process where the application needs the old password to be entered before initiating a password change even with Change Password API. Does Saviynt allows this concept in ChangePasswordJSON, where the old password will be automatically entered before the new password in updated in the application.
Please let me know if any further details are required.
Also, we are currently rotating the password of Splunk and ServiceNow local admin accounts automatically via ChangePasswordAPI incorporated in ChangePasswordJSON but this is achieved via Master/Recon Account.
Regards
Gazala Anjum
05/03/2023 01:14 PM
Additionally, could you also let us know on how can we use both GET and PUT method in one ChangePasswordJSON for this application. As the old password will be using GET method wnd the update password uses PUT method.
05/06/2023 01:51 PM
@NageshK Could you please shed some light on this.
05/08/2023 03:55 PM
@gazanjum Thanks for posting your question. As per the following article, change password functionality is not supported for ZScaler. Additionally, the integration with ZScaler is provided via SCIM and not as a stand alone connection. Please check the below article for more details
https://docs.saviyntcloud.com/bundle/Zscaler-Guide/page/Content/Introduction.htm
Thanks
Nagesh K
05/08/2023 10:35 PM
Hi @NageshK thank you for your response. As per the article, we can use REST Connectors for SCIM based tools. In that case, can we not use the same approach as Splunk, where we use the Change Password API and Master Account to initiate Password reset via ChnagePasswordJSON? If yes, as Zscaler works in a different fashion than other tools, could you please help us on the below points:
1. Can we use API keys in ConnectionJSON, instead of Recon/Master account credentials? This API key will have the same permissions as any Recon/Master account on the App. If not, we can go ahead with Recon/Master Account for password reset.
2. ZScaler has a process where the application needs the old password to be entered before initiating a password change even with Change Password API. Does Saviynt allows this concept in ChangePasswordJSON, where the old password will be automatically entered before the new password in updated in the application.
05/09/2023 08:55 AM
Hi @NageshK, We need to complete this and deploy this on priority on Prod, could we please get on a call and discuss the same.
Regards
Gazala Anjum
05/10/2023 04:56 AM
@NageshK The example for ConnectionJSON mentioned in the documentation shared by you, shows authType as 'oauth2'. However in our case, we are using 'cookie' based authentication where the httpParams are : username, password, apiKey, timestamp.
Can you kindly provide us a sample ConnectionJSON and ChangePasswordJSON which uses cookie authtype.
05/10/2023 07:20 AM - edited 05/10/2023 07:51 AM
@gazanjum So, it looks like you are trying to implement this using the regular REST implementation way with all different APIs. I have requested for this post to be moved to IGA so that someone from connectors team can help you on how to construct JSONs. Also, if you are already using the APIs from postman, you can extract the code snippet from postman and try that out in the REST connection.
Please also check the following two articles that gives details on different authentication type values that can be used.
https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Examples-for-JSON-Construction.htm
https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm
Thanks,
Nagesh K
05/15/2023 04:07 AM
Hi @NageshK , that's what we did, we extracted the code snippet from Postman and incorporated it in the authtype=cookies based ConnectionJSO which was able in the above Developers Guide, however there is an error which we are getting everytime getAPI is called.
Henceforth we required a real life example for 'cookie' based authentication. If possible could you please share a ConnectionJSON with authtype=cookies being current used or working in Saviynt's other Customer environment.
Also, if possible can we get on a call to give a better understanding of our requirement.
Regards
Gazala