We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Option to change API Password for Service Account Owners/Pre Authorized users is not available

sk
All-Star
All-Star

Team,

In our use case we need to integrate applications to pull the password from Saviynt for that we are using Saviynt REST API method to achieve this. As part of this process Application team has to follow / make below three calls

  1. Authenticate with Saviynt
  2. Generate long lasting token
  3. Check Out the password

In this process service account owner/pre-authorized users has to do step#1 and step#2 and share the long lasting token to app team so that they configure their application to use that token and make an API call to check out(step#3) the password of service account.

Now the issue is to authenticate to Saviynt using REST API service account owner/ pre-authorized users need to set their API Password. But we don't see this option is getting visible to respective users even though we assigned required feature to respective Users Sav Role

We tried to provide feature: Reset_API_Password which has all required URLs but we still don't see any link or tile appeared on home screen.

sk_0-1668716403708.png

sk_2-1668716714671.png

sk_3-1668716731961.png

We have another on-prem environment(v2020) where we have similar setup and there it looks like below

sk_4-1668716922739.png

And below is the feature that is giving above view

sk_5-1668716962236.png

Respective URLs of that feature

sk_6-1668717077741.png

Also to show this tile we were suggested to make changes in UI-Track Microservices and below are the changes done to achieve this

sk_7-1668717124234.png

Now being in SaaS Environment we not sure whether such changes are applied or not. If that is not supported in SaaS Environment/new versions then how do we achieve this so that we can let Service Account Owners/Pre-Authorized Users to set their API password so that they can authenticate themselves using API calls?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
8 REPLIES 8

rushikeshvartak
All-Star
All-Star

Enable tile on ars from create home options


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

That option is not available in create home options.

sk_0-1669040461404.png

As mentioned this is customization we did on on-prem environment which we are not sure if it is supported is SaaS version, If not what are the alternate options


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

options are still available on ARS

rushikeshvartak_0-1669052780462.png


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Those are to change Service Account and User owned account password. But the option I am looking for is to set the User Saviynt Password which will be used for REST authentication


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

NageshK
Saviynt Employee
Saviynt Employee

@sk Below is how you can enable change password option so that users can set local password in Saviynt. 
We have also identified the changes to be done in the AAPM article in our docs portal and that should soon be published.  

  1. If SSO is enabled, ensure that the Enable Change Password option is enabled for a specific SAV role (ROLE_SAV_AAPM) so that users who wants to generate a long-lasting token can set their local password in Saviynt.

    For users to setup a local Saviynt password, perform the following:

      1. Enable the Enable Change Password option.

        1. Navigate to Applications > Admin > Global Configuration > Preferences.

        2. Select the Enable Change Password option under the Profile Menu section.

      2. Add the below configuration change in the SAV role (ROLE_SAV_AAPM) created:

        1. Navigate to Applications > Admin > Sav Roles.

        2. On the SAV Role List page, click the specific SAV role (ROLE_SAV_AAPM).

        3. Go to the Create Request Home Option tab and select the Change Password option.

      3. Create a local Saviynt password.

        1. On the EIC welcome page, go to user profile and click the Change Password option.

        2. On the Change Password page, update the new password and click Submit.

    The password is successfully updated.

@NageshK : Thanks for the response, Couple of questions

  1. Sav Role should be ROLE_SAV_AAPM only or can we use any custom SAV Role that we intend to use
  2. Under Create Request Home Option tab and select the Change Password Don't we have to select any available options from Select Change Password Options?
  3. After enabling this should we have to enable LOCALAUTHENABLED? Because currently we see this setting is disabled for all users in our environment
  4. If we have to enable local auth is there any security concern we can foresee?

Also we tried these suggestions as per the response given to our ticket #1561728 but we still see it didn't work as expected only changes to instructions are

  • we used our custom SAV_ROLE to enable this configuration and 
  • we selected RESET Saviynt Password from Select Change Password Options

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

NageshK
Saviynt Employee
Saviynt Employee

@sk responses below:

1. Sav Role can be anything. The name was given as an example. You can use your custom sav role as well

2. Yes, under Change Password, you have to select "REST Saviynt Password" option

3. No, you do not need to and should not modify that field. That will be a security concern

4.  I just tried this internally and it seems like we may have to do the change password step twice for this to work. Can you try perforing change password one more time and verify?

@NageshK : It worked but I had to do multiple attempts of change password. On 4th or 5th attempt it worked. Looks like something not correct/consistent. Is there any issue? Why I had to do multiple attempts?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.