- edited on
The service account has a SAV role which has access to the required webservice urls
Need to follow these steps, in order, when creating the Service Account/User:
1. Create User
2. Set localauthenabled=1 (true)
3. Change password via 'Admin Function' to desired password
4. Set passwordexpired=0 (false)
Note: localauthenabled must be true before the password is changed/reset. After the password is changed you can then set localauthenabled back to 0, as it is not required for API login.
When accessing the API:
1. Verify the password for the user/service account is correct2. Ensure the user that we are using for API has the proper SAV role assigned and the access for API calls are added in that SAV role.
3. Use below steps to verify the call
3. Select ‘Body’ tab and then ‘Raw’. Enter the user name and password value in format
Link of postman collection for reference
I do not see localauthenabled column in v23.4. Any alternate solution for the new version?
Can you explain what localauthenabled has to do with this if "it is not required for API login"? The account we created already has a working password. Why does it need to be reset? Why are the WebService SAV roles not enough to allow use of the REST APIs? If an additional setting is needed (making the SAV roles pointless) to allow use of the REST APIs shouldn't that be done via an account option and not a hidden DB column? Or is this all just a work around for a bug in the product?
Thank you for contacting Saviynt Forums. We appreciate your inquiry, and our team is currently investigating the matter. We will provide you with a prompt response and address your concerns accordingly. If you have any additional information to share, please feel free to provide it. Thank you for your patience and understanding.
Hi @rushikeshvartak @DixshantValecha ,
We are using version 23.4 and we do not see any column in the user schema as 'LOCALAUTHENABLED'.
Can you please help us how to enable 'Saviynt for Saviynt' via REST connector in SSO enabled environment?
Currently, we are stuck at the authentication level for this connection and receiving 401 error.
Could you kindly share details regarding the method you are currently employing to check the schema for the 'LOCALAUTHENABLED' . This will assist us in gaining a clearer understanding of your existing approach and allow us to provide you with precise guidance.
Additionally, as an alternative option, you can leverage analytics capabilities to verify the 'localauthenabled' attribute. You may execute the following query:
SELECT localauthenabled FROM users WHERE username='admin'
Please validate and let us know if further assistance is needed on this.
Thanks a lot, Nidheesh Baskaruni (firstname.lastname@example.org) for resolving the issue on priority.Your help was much needed and really appreciated.
Can you please let us know how this was resolved ? we are in a same situation.
3 reasons for the problem-
1- The account which you are trying to use is not having ROLE_ADMIN.
Resolution - Please assign the account ROLE_ADMIN SAV role.
2- The account which you have created has not yet been set up for his security QA and reset his password.
Resolution - Login as the account first time in UI and setup its security QA and reset password.
3- Account's LOCALAUTHENABLED is not set and PASSWORD is expired.
Resolution- You can make EXPIREDPASSWORD to false using custom query. As LOCALAUTHENABLED is disabled to be changed from UI, you need to reach out to Support or Professional services
4- Mine is SSO enabled environment. If your's also then you need to take help from Support or Professional services as you can not set security QA and reset password of your newly created service account to be used in Sav for Sav integration.
Hope it helps.
Thank you for the detailed response. Yes, we do not see LOCALAUTHENABLED in the data analyzer. Did the professional services / support helped in changing it or it was done through custom query Job?
From the custom query job also it was not working, he tried.
he used analytics to enable LOCALAUTH but unfortunately, I am not aware, how to do it.
If you find please let me know.
Sure will do. Thanks again.
Refer to this
@DixshantValecha - LocalAuthEnabled Flag is not required for API Logins. Can you reverify the fact?
Hi @rajesh-ram I will update this forum post thanks.
I am having this issue. I created a service account, set the password, used postman to set passwordExpired to false and I am still getting a 401 when trying to authenticate via postman. localAuthEnabled is false. Any suggestions?