
Saviynt API - 401 unauthorized

Brian
New Contributor III

Hello,

We have set up accounts that can use the Saviynt API in our Prod and Dev instances.  We are also attempting to use this account for Transport as that requires a username/password combo too.  We have SSO enabled.

I have read forum posts that say to make sure the password is not expired and that localAuthEnabled = true in order to get this working.  Saviynt support has said they will not set localAuthEnabled = true for us:

Hello Brian,

As of now, we are not allowing any users to access the local auth. The local auth for skipping the SSO and where saviynt agent will be working on tickets. 

With that said, I have attempted the workaround in our Dev instance that is referenced in these two posts:

https://forums.saviynt.com/t5/identity-governance/api-service-account-getting-401/td-p/63581

https://forums.saviynt.com/t5/identity-governance/enabling-local-authentication-with-enhanced-query-...

The workaround:

  1. Go to Global Configuration -> Identity Lifecycle -> Register User form -> Action -> Create
  2. Create a dynamic attribute as follows:
    1. Name: LocalAuthEnabled
    2. Request Type: User
    3. Label: Set LocalAuthEnabled
    4. Attribute Type: Boolean
    5. User Column: localAuthEnabled
    6. Select Editable on Update and Hide on Create
    7. Action: Mapping
  3. Go to User Modification Auto Approve and check that box.
  4. Go to Home -> Update User Request -> Search the user and you will see the form being opened where you will have the Localauthenabled attribute that you created
  5. Select true and submit. 
  6. Repeat for other users as needed
  7. Go back to User Modification Auto Approve and uncheck that box.

We had to slightly modify this as "User Modification Auto Approve" is no longer an option, so I have set the "Role Modification Workflow" temporarily to a flow that just auto-approves.

When attempting to update the user, I receive the message "Request was not submitted as no updates were made."


I'm guessing this means localAuthEnabled may already be set to true, however since I am unable to even query that property in the Data Analyzer, I can't verify.

Looking for any suggestions to get authenticated via the API. Using this account for transport also does not work and I'm assuming it's an issue along the same lines.


rushikeshvartak
All-Star

Refer https://forums.saviynt.com/t5/identity-governance/reset-api-password-v-24/m-p/89312#M57900


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak thank you for the reply. Apologies for my delay in updating, our Dev instance was down for 2 weeks due to a currently unknown reason.

I have followed those instructions and received:

{
    "errorCode": "0",
    "message": "SUCCESS User Updated Successfully"
}

However, I still am receiving a 401 unauthorized.   I then used the Admin Functions to change the password for this account (which has the ROLE_ADMIN SAV Role), to the password that I currently have for it, and ran through the instructions again, but still received 401 Unauthorized when attempting to log in via Postman.

I then added more fields to the POST body of the instructions, to see if those might be the cause:

{
    "username": "userWithRoleAdmin",
    "localAuthEnabled": "true",
    "passwordExpired": "false",
    "enabled":"true",
    "accountLocked":"false"
}

Although it says my update was successful, this also did not resolve my 401 issue when logging in with the account.

I have validated the username/password, as well as attempted POST requests to https://myUrl/ECM/api/v5/login,  as well as https://myUrl/ECM/api/login (figured both were worth a shot).

In Postman, I have:

Auth Type: No Auth

Headers: Content-Type application/json

Body: 

{
    "username": "userWithRoleAdmin",
    "password": "fakePassword"
}

 

 

Refer Saviynt API Documentation

https://docs.saviyntcloud.com/bundle/API-Reference-Guide/page/Content/API-References.htm

 

Download the latest 24.7 package and validate.


Regards,
Rushikesh Vartak

Brian
New Contributor III

Due to a separate issue I ended up using Postman on the web versus the Windows application, and the API call to log in in the 24.4 package I was using is working successfully on there.  I rebooted and still get 401 errors on the Windows client, but since it is working on the web version there must be a separate issue going on.  Thank you for all the useful links @rushikeshvartak !

Brian
New Contributor III

The 401 unauthorized error I was receiving while using the Postman client on my laptop was due to an invalid login URL.  Well, invalid for the Postman.exe but still worked on the web version, which makes things a bit confusing.

Anyway, support provided me with the working URL which is:

https://instance-name.saviyntcloud.com/ECMv6/api/auth/login
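
An added example, not part of the original thread and not Saviynt's code: a small probe that sends the same JSON login body shown in the Postman setup to each login path mentioned in this thread, so a 401 caused by the URL can be told apart from one caused by the credentials or account flags. The function names and the `send` hook (used to run it without a network) are assumptions made for this illustration.

```python
import json
import urllib.error
import urllib.request

# Login paths quoted in the thread; which one an instance accepts varies.
CANDIDATE_PATHS = ("/ECM/api/v5/login", "/ECM/api/login", "/ECMv6/api/auth/login")


def build_login_request(base_url, path, username, password):
    """Same shape as the Postman call: JSON body, no Authorization header."""
    body = json.dumps({"username": username, "password": password}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def http_status(request, timeout=10):
    """Send the request and return the HTTP status, including 4xx/5xx."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def probe(base_url, username, password, send=http_status):
    """Try the identical credentials on every candidate path."""
    return {
        path: send(build_login_request(base_url, path, username, password))
        for path in CANDIDATE_PATHS
    }


def diagnose(results):
    """Separate a URL problem from a credential or account problem."""
    accepted = [path for path, status in results.items() if 200 <= status < 300]
    if accepted:
        return "use " + accepted[0] + "; credentials are fine, the other paths are not valid login URLs here"
    if all(status == 401 for status in results.values()):
        return "401 on every path: confirm the login URL with support, then check password and account flags"
    return "mixed failures: " + ", ".join(f"{p} -> {s}" for p, s in results.items())
```

When running it against a real instance, read the service account password from an environment variable or a secrets store rather than placing it in the script.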