We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Need Information on automatic password rotation of Custom Apps using API Keys

gazanjum
New Contributor III
New Contributor III

Hi Team,

We are trying to achieve automatic password rotation of a local admin account for a custom App: ZScaler.

We would require some information from Saviynt to proceed further:

1. Can we use API keys in ConnectionJSON, instead of Recon/Master account credentials? This API key will have the same permissions as any Recon/Master account on the App.

2. ZScaler has a process where the application needs the old password to be entered before initiating a password change even with Change Password API. Does Saviynt allows this concept in ChangePasswordJSON, where the old password will be automatically entered before the new password in updated in the application.

Please let me know if any further details are required.

Also, we are currently rotating the password of Splunk and ServiceNow local admin accounts automatically via ChangePasswordAPI incorporated in ChangePasswordJSON but this is achieved via Master/Recon Account.

Regards

Gazala Anjum 

8 REPLIES 8

gazanjum
New Contributor III
New Contributor III

Additionally, could you also let us know on how can we use both GET and PUT method in one ChangePasswordJSON for this application. As the old password will be using GET method wnd the update password uses PUT method.

gazanjum
New Contributor III
New Contributor III

@NageshK Could you please shed some light on this.

NageshK
Saviynt Employee
Saviynt Employee

@gazanjum Thanks for posting your question. As per the following article, change password functionality is not supported for ZScaler. Additionally, the integration with ZScaler is provided via SCIM and not as a stand alone connection. Please check the below article for more details

https://docs.saviyntcloud.com/bundle/Zscaler-Guide/page/Content/Introduction.htm

Thanks

Nagesh K

gazanjum
New Contributor III
New Contributor III

Hi @NageshK thank you for your response. As per the article, we can use REST Connectors for SCIM based tools. In that case, can we not use the same approach as Splunk, where we use the Change Password API and Master Account to initiate Password reset via ChnagePasswordJSON? If yes, as Zscaler works in a different fashion than other tools, could you please help us on the below points:

1. Can we use API keys in ConnectionJSON, instead of Recon/Master account credentials? This API key will have the same permissions as any Recon/Master account on the App. If not, we can go ahead with Recon/Master Account for password reset.

2. ZScaler has a process where the application needs the old password to be entered before initiating a password change even with Change Password API. Does Saviynt allows this concept in ChangePasswordJSON, where the old password will be automatically entered before the new password in updated in the application.

 

gazanjum
New Contributor III
New Contributor III

Hi @NageshK, We need to complete this and deploy this on priority on Prod, could we please get on a call and discuss the same.

Regards

Gazala Anjum

gazanjum
New Contributor III
New Contributor III

@NageshK  The example for ConnectionJSON mentioned in the documentation shared by you, shows authType as 'oauth2'. However in our case, we are using 'cookie' based authentication where the httpParams are : username, password, apiKey, timestamp.

Can you kindly provide us a sample ConnectionJSON and ChangePasswordJSON which uses cookie authtype.

NageshK
Saviynt Employee
Saviynt Employee

@gazanjum So, it looks like you are trying to implement this using the regular REST implementation way with all different APIs. I have requested for this post to be moved to IGA so that someone from connectors team can help you on how to construct JSONs.  Also, if you are already using the APIs from postman, you can extract the code snippet from postman and try that out in the REST connection.

Please also check the following two articles that gives details on different authentication type values that can be used. 

https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Examples-for-JSON-Construction.htm

https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm

Thanks,

Nagesh K

gazanjum
New Contributor III
New Contributor III

Hi @NageshK , that's what we did, we extracted the code snippet from Postman and incorporated it in the authtype=cookies based ConnectionJSO which was able in the above Developers Guide, however there is an error which we are getting everytime getAPI is called.

Henceforth we required a real life example for 'cookie' based authentication. If possible could you please share a ConnectionJSON with authtype=cookies being current used or working in Saviynt's other Customer environment.

Also, if possible can we get on a call to give a better understanding of our requirement.

Regards

Gazala