Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/03/2024 10:17 AM
Hello,
We have set up accounts that can use the Saviynt API in our Prod and Dev instances. We are also attempting to use this account for Transport as that requires a username/password combo too. We have SSO enabled.
I have read forum posts that say to make sure the password is not expired and that localAuthEnabled = true in order to get this working. Saviynt support has said they will not set localAuthEnabled = true for us:
Hello Brian,
As of now, we are not allowing any users to access the local auth. The local auth for skipping the SSO and where saviynt agent will be working on tickets.
With that said, I have attempted the workaround in our Dev instance that is referenced in these two posts:
https://forums.saviynt.com/t5/identity-governance/api-service-account-getting-401/td-p/63581
The workaround:
We had to slightly modify this as "User Modification Auto Approve" is no longer an option, so I have set the "Role Modification Workflow" temporarily to a flow that just auto-approves.
When attempting to update the user, I receive the message "Request was not submitted as no updates were made.
I'm guessing this means localAuthEnabled may already be set to true, however since I am unable to even query that property in the Data Analyzer, I can't verify.
Looking for any suggestions to get authenticated via the API. Using this account for transport also does not work and I'm assuming it's an issue along the same lines.
Solved! Go to Solution.
07/03/2024 08:33 PM
Refer https://forums.saviynt.com/t5/identity-governance/reset-api-password-v-24/m-p/89312#M57900
07/23/2024 09:47 AM
Hi @rushikeshvartak thank you for the reply. Apologies for my delay in updating, our Dev instance was down for 2 weeks due to a currently unknown reason.
I have followed those instructions and received:
{
"errorCode": "0",
"message": "SUCCESS User Updated Successfully"
}
However, I still am receiving a 401 unauthorized. I then used the Admin Functions to change the password for this account (which has the ROLE_ADMIN SAV Role), to the password that I currently have for it, and ran through the instructions again, but still received 401 Unauthorized when attempting to log in via Postman.
I then added more fields to the POST body of the instructions, to see if those might be the cause:
{
"username": "userWithRoleAdmin",
"localAuthEnabled": "true",
"passwordExpired": "false",
"enabled":"true",
"accountLocked":"false"
}
Although it says my update was successful, this also did not resolve my 401 issue when logging in with the account.
I have validated the username/password, as well as attempted POST requests to https://myUrl/ECM/api/v5/login, as well as https://myUrl/ECM/api/login (figured both were worth a shot).
In Postman, I have:
Auth Type: No Auth
Headers: Content-Type application/json
Body:
{
"username": "userWithRoleAdmin",
"password": "fakePassword"
}
07/23/2024 02:26 PM
Refer Saviynt API Documentation
https://docs.saviyntcloud.com/bundle/API-Reference-Guide/page/Content/API-References.htm
download latest 24.7 package and validate
07/24/2024 05:54 AM - edited 07/24/2024 06:17 AM
Due to a separate issue I ended up using Postman on the web versus the Windows application, and the API call to log in in the 24.4 package I was using is working successfully on there. I rebooted and still get 401 errors on the Windows client, but since it is working on the web version there must be a separate issue going on. Thank you for all the useful links @rushikeshvartak !
08/05/2024 06:10 AM
The 401 unauthorized error I was receiving while using the Postman client on my laptop, was due to an invalid login URL. Well, invalid for the Postman.exe but still worked on the web version, which makes things a bit confusing.
Anyway, support provided me with the working URL which is:
https://instance-name.saviyntcloud.com/ECMv6/api/auth/login