Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon
No ratings
DixshantValecha
Saviynt Employee
Saviynt Employee

Use Case

Customer created a user (service account) in Saviynt for using Saviynt APIs from Postman.
However they are unable to login from Postman and are getting 401 unauthorized error.
 

Pre-requisites

The service account has a SAV role which has access to the required webservice urls

 

Applicable Version(s)

5.5.x, 2020.X and above.

Solution

Need to follow these steps, in order, when creating the Service Account/User:

1.  Create User

2.  Set localauthenabled=1 (true)

3.  Change password via 'Admin Function' to desired password

4.  Set passwordexpired=0 (false)

Note:  localauthenabled must be true before the password is changed/reset.  After the password is changed you can then set localauthenabled back to 0, as it is not required for API login.

When accessing the API:

1. Verify the password for the user/service account is correct
2. Ensure the user that we are using for API has the proper SAV role assigned and the access for API calls are added in that SAV role.

3. Use below steps to verify the call

  1. Enter the url value as (POST METHOD) - https://<companyname>.saviyntcloud.com/ECM/api/login 
  2. Under Authorization tab, select type as No Auth

CSdz-8_wFBdljp3iE8d3Okh23lImiucEmA.png

     3. Select ‘Body’ tab and then ‘Raw’. Enter the user name and password value in format 

{"username":"svc_api","password":"xxxxxxx"}

test34.png

 


References

Link of postman collection for reference

https://documenter.getpostman.com/view/1797923/RWaLwo21#intro

Comments
sivapraturi
New Contributor
New Contributor

I do not see localauthenabled column in v23.4. Any alternate solution for the new version?

ChrisBellobuono
New Contributor III
New Contributor III

Can you explain what localauthenabled has to do with this if "it is not required for API login"?  The account we created already has a working password.  Why does it need to be reset?  Why are the WebService SAV roles not enough to allow use of the REST APIs?  If an additional setting is needed (making the SAV roles pointless) to allow use of the REST APIs shouldn't that be done via an account option and not a hidden DB column?  Or is this all just a work around for a bug in the product?

DixshantValecha
Saviynt Employee
Saviynt Employee

Thank you for contacting Saviynt Forums. We appreciate your inquiry, and our team is currently investigating the matter. We will provide you with a prompt response and address your concerns accordingly. If you have any additional information to share, please feel free to provide it. Thank you for your patience and understanding.

yatishtiwari
Regular Contributor
Regular Contributor

Hi @rushikeshvartak @DixshantValecha ,

We are using version 23.4 and we do not see any column in the user schema as 'LOCALAUTHENABLED'.

Can you please help us how to enable 'Saviynt for Saviynt' via REST connector in SSO enabled environment?

Currently, we are stuck at the authentication level for this connection and receiving 401 error.

Thanks,

Yatish

 

 

DixshantValecha
Saviynt Employee
Saviynt Employee

Could you kindly share details regarding the method you are currently employing to check the schema for the 'LOCALAUTHENABLED' . This will assist us in gaining a clearer understanding of your existing approach and allow us to provide you with precise guidance.

Additionally, as an alternative option, you can leverage analytics capabilities to verify the 'localauthenabled' attribute. You may execute the following query:

SELECT localauthenabled FROM users WHERE username='admin'

Please validate and let us know if further assistance is needed on this.

yatishtiwari
Regular Contributor
Regular Contributor

Thanks a lot, Nidheesh Baskaruni  (nidheesh.baskaruni@saviynt.com) for resolving the issue on priority.
Your help was much needed and really appreciated.

 

lionelrl
New Contributor III
New Contributor III

Can you please let us know how this was resolved ? we are in a same situation.

 

-Lionel 

yatishtiwari
Regular Contributor
Regular Contributor

Hi Lionel,

3 reasons for the problem-

1- The account which you are trying to use is not having ROLE_ADMIN.

Resolution - Please assign the account ROLE_ADMIN SAV role.

2- The account which you have created has not yet been set up for his security QA and reset his password.

Resolution - Login as the account first time in UI and setup its security QA and reset password.

3- Account's LOCALAUTHENABLED is not set and PASSWORD is expired.

Resolution- You can make EXPIREDPASSWORD to false using custom query. As LOCALAUTHENABLED is disabled to be changed from UI, you need to reach out to Support or Professional services

4- Mine is SSO enabled environment. If your's also then you need to take help from Support or Professional services as you can not set security QA and reset password of your newly created service account to be used in Sav for Sav integration.

Hope it helps.

Thanks,

Yatish

 

lionelrl
New Contributor III
New Contributor III

Thank you for the detailed response. Yes, we do not see LOCALAUTHENABLED in the data analyzer. Did the professional services / support helped in changing it or it was done through custom query Job?

 

-Lionel

yatishtiwari
Regular Contributor
Regular Contributor

From the custom query job also it was not working, he tried. 

he used analytics to enable LOCALAUTH but unfortunately, I am not aware, how to do it.

If you find please let me know.

lionelrl
New Contributor III
New Contributor III

Sure will do. Thanks again. 

Regards,

Lionel

sivapraturi
New Contributor
New Contributor
Rajesh-R
Saviynt Employee
Saviynt Employee

@DixshantValecha  - LocalAuthEnabled Flag is not required for API Logins. Can you reverify the fact?

DixshantValecha
Saviynt Employee
Saviynt Employee

Hi @Rajesh-R I will update this forum post thanks.

jralexander137
Regular Contributor
Regular Contributor

I am having this issue. I created a service account, set the password, used postman to set passwordExpired to false and I am still getting a 401 when trying to authenticate via postman. localAuthEnabled is false. Any suggestions?

Version history
Last update:
‎06/12/2023 03:34 PM
Updated by: