This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Set API Password to Access Saviynt API's For Service User

Go to solution
Sivagami
All-Star
All-Star

‎07/28/2022 10:33 AM

I have a service user let's say apiuser and I need to give it Saviynt API access.

As an admin, I tried resetting the password from UI via Admin->Admin Functions->Admin Functions

The password set here if used in API throws 401 unauthorized

Note: Our environment is SSO enabled, so I can't log in via the direct link to log in with the password set and then change the API password from the UI option.

Sivagami_0-1659029433252.png

Anyone faced a similar issue and how did you manage to set the API password as self-service instead of reaching out to Saviynt to do it from the backend? 

-Siva

Labels:
0 Kudos
9 REPLIES 9

Go to solution
sahajranajee
Saviynt Employee
Saviynt Employee

‎07/29/2022 01:34 AM

Hi @Sivagami ,

Assuming you are already using this api/service account for calling APIs, the localauthenabled attribute on the user profile should already be 1. This attribute dictates whether local authentication would be allowed for a user when SSO is enabled on your application.

In that scenario, you can reset the password for your user using the 'changePassword' API.

Password change via this API would not set passwordexpired to 1 and hence the set password should work.

sahajranajee_0-1659083404894.png

 

In case you still see a 401 after a password change via the api, check the localauthenabled value for your user via Analytics.

You can then set the value for localauthenabled as 1 via SaviyntForSaviynt user import or via CustomQuery job.




Regards,
Sahaj Ranajee
Sr. Product Specialist

Go to solution
Sivagami
All-Star
All-Star
In response to sahajranajee

‎08/01/2022 03:29 AM

Thanks Sahaj for the response.

localauthenabled attribute is not 1 for api users that we already use. 

I tried the API to set the password for the new apiuser and it worked this time.

Thanks much for the self-service option you provided.

 

 

0 Kudos

Go to solution
Bharadwaj
New Contributor II
New Contributor II
In response to sahajranajee

‎08/31/2022 11:16 PM

Hi,

Thanks for the detailed solution. We have enabled localauthenabled=1 for the service account user and changed the password using the API endpoint mentioned above. However, we are seeing 401 when tried to get the API token using Postman.

We checked the value of localauthenabled using Analytics and see the value is set to 'true'. User also has a ADMIN SAV role and an active Saviynt account.

Could you please let us know what could the reason?

Thanks!

0 Kudos

Go to solution
BrandonLucas_BF
Regular Contributor II
Regular Contributor II
In response to Bharadwaj

‎12/12/2022 02:36 PM

Were you able to resolve this? I have the same issue and have had no luck figuring it out.

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to BrandonLucas_BF

‎12/12/2022 03:22 PM

Are you able to see login page ?

does same error with api ?


Regards,
Rushikesh Vartak
0 Kudos

Go to solution
BrandonLucas_BF
Regular Contributor II
Regular Contributor II

‎12/13/2022 06:00 AM

We are using SSO so there is no way to test this user with the login page. I'm using the API. This was set up prior to my working in this environment. I followed this process:

  • Created new user in Saviynt
  • During creation did not set to expire password
  • Granted role_admin
  • Reset password
  • Using Postman, calling: https://tenantname.saviyntcloud.com/ECM/api/login
    • Body: 
      {"username":"usernamehere","password":"passwordhere"}
      Header:
      Content-Type applicaton/json
       
      Using admin user in development, I can connect and get token. Using the created account, I am unable to retrieve a token. I get 401 unauthorized. There is nothing in the logs. I see the exact same behavior in production. Have tried setting LOCALAUTHENABLED to 1 on the account and it makes no difference.
       
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to BrandonLucas_BF

‎12/13/2022 09:00 AM

can you provide logs when you hit api from postman


Regards,
Rushikesh Vartak
0 Kudos

Go to solution
BrandonLucas_BF
Regular Contributor II
Regular Contributor II

‎12/13/2022 07:33 AM

An update: tricked our SSO provider into allowing me to login to the UI as this user. I am able to log in. There appears to be no issue with the account. In 2020.1 there is no "reset API password" GUI option, so I'm wondering if this is somehow related to that. Does anyone know how this should work? Documentation is insufficient for this process.

0 Kudos

Go to solution
BrandonLucas_BF
Regular Contributor II
Regular Contributor II

‎12/19/2022 01:10 PM - last edited on ‎12/19/2022 01:29 PM by Community Manager

I wanted to return and post instructions I received from Saviynt support which worked for us. You can reset the password via gui. I think for us the issue that we kept encountering was when you reset the password you must be sure to set passwordexpire=0 and you also must have localauthenabled set to true *before* the password reset. The steps below can be used for setup of an API user:

 

Need to follow these steps, in order, when creating the Service Account/User:
1.  Create User
2.  Set localauthenabled=1 (true)
3.  Change password via 'Admin Function' to desired password
4.  Set passwordexpired=0 (false)
 
Note:  localauthenabled must be true before the password is changed/reset.  After the password is changed you can then set localauthenabled back to 0, as it is not required for API login.
 
When accessing the API:

1. Verify the password for the user/service account is correct

2. Ensure the user that we are using for API has the proper SAV role assigned and the access for API calls are added in that SAV role.
3. Use below steps to verify the call
 
  1. Enter the url value as (POST METHOD) - https://...dev.saviyntcloud.com/ECM/api/login
  2. 19.png

     

  3. Under Authorization tab, select type as No Auth
 

 

        3. Select ‘Body’ tab and then ‘Raw’. Enter the user name and password value in format 
18.png

 

{"username":"svc_api","password":"xxxxxxx"}
 
 

 

Thank you to @Amandhu Amandhu Rajashekhar from Saviynt support for this resolution. 
Copyright © 2023 Khoros, LLC