Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
No ratings

How to troubleshoot 401 unauthorized error from postman when using Saviynt API

DixshantValecha
Saviynt Employee
Saviynt Employee

on ‎03/30/2023 10:28 AM - edited on ‎06/12/2023 03:34 PM by Community Manager

Use Case

Customer created a user (service account) in Saviynt for using Saviynt APIs from Postman.
However they are unable to login from Postman and are getting 401 unauthorized error.
 

Pre-requisites

The service account has a SAV role which has access to the required webservice urls

 

Applicable Version(s)

5.5.x, 2020.X and above.

Solution

Need to follow these steps, in order, when creating the Service Account/User:

1.  Create User

2.  Set localauthenabled=1 (true)

3.  Change password via 'Admin Function' to desired password

4.  Set passwordexpired=0 (false)

Note:  localauthenabled must be true before the password is changed/reset.  After the password is changed you can then set localauthenabled back to 0, as it is not required for API login.

When accessing the API:

1. Verify the password for the user/service account is correct
2. Ensure the user that we are using for API has the proper SAV role assigned and the access for API calls are added in that SAV role.

3. Use below steps to verify the call

  1. Enter the url value as (POST METHOD) - https://<companyname>.saviyntcloud.com/ECM/api/login 
  2. Under Authorization tab, select type as No Auth

CSdz-8_wFBdljp3iE8d3Okh23lImiucEmA.png

     3. Select ‘Body’ tab and then ‘Raw’. Enter the user name and password value in format 

{"username":"svc_api","password":"xxxxxxx"}

test34.png

 


References

Link of postman collection for reference

https://documenter.getpostman.com/view/1797923/RWaLwo21#intro

Labels:
0 Kudos
Comments
sivapraturi
New Contributor
New Contributor
‎05/31/2023 11:50 AM

I do not see localauthenabled column in v23.4. Any alternate solution for the new version?

ChrisBellobuono
New Contributor III
New Contributor III
‎06/01/2023 05:58 AM

Can you explain what localauthenabled has to do with this if "it is not required for API login"?  The account we created already has a working password.  Why does it need to be reset?  Why are the WebService SAV roles not enough to allow use of the REST APIs?  If an additional setting is needed (making the SAV roles pointless) to allow use of the REST APIs shouldn't that be done via an account option and not a hidden DB column?  Or is this all just a work around for a bug in the product?

DixshantValecha
Saviynt Employee
Saviynt Employee
‎06/05/2023 05:00 AM

Thank you for contacting Saviynt Forums. We appreciate your inquiry, and our team is currently investigating the matter. We will provide you with a prompt response and address your concerns accordingly. If you have any additional information to share, please feel free to provide it. Thank you for your patience and understanding.

yatishtiwari
Regular Contributor
Regular Contributor
‎06/06/2023 09:54 AM

Hi @rushikeshvartak @DixshantValecha ,

We are using version 23.4 and we do not see any column in the user schema as 'LOCALAUTHENABLED'.

Can you please help us how to enable 'Saviynt for Saviynt' via REST connector in SSO enabled environment?

Currently, we are stuck at the authentication level for this connection and receiving 401 error.

Thanks,

Yatish

 

 

DixshantValecha
Saviynt Employee
Saviynt Employee
‎06/08/2023 10:45 AM

Could you kindly share details regarding the method you are currently employing to check the schema for the 'LOCALAUTHENABLED' . This will assist us in gaining a clearer understanding of your existing approach and allow us to provide you with precise guidance.

Additionally, as an alternative option, you can leverage analytics capabilities to verify the 'localauthenabled' attribute. You may execute the following query:

SELECT localauthenabled FROM users WHERE username='admin'

Please validate and let us know if further assistance is needed on this.

yatishtiwari
Regular Contributor
Regular Contributor
‎06/08/2023 01:45 PM

Thanks a lot, Nidheesh Baskaruni  (nidheesh.baskaruni@saviynt.com) for resolving the issue on priority.
Your help was much needed and really appreciated.

 

lionelrl
New Contributor III
New Contributor III
‎06/15/2023 07:27 AM

Can you please let us know how this was resolved ? we are in a same situation.

 

-Lionel 

yatishtiwari
Regular Contributor
Regular Contributor
‎06/15/2023 09:12 AM

Hi Lionel,

3 reasons for the problem-

1- The account which you are trying to use is not having ROLE_ADMIN.

Resolution - Please assign the account ROLE_ADMIN SAV role.

2- The account which you have created has not yet been set up for his security QA and reset his password.

Resolution - Login as the account first time in UI and setup its security QA and reset password.

3- Account's LOCALAUTHENABLED is not set and PASSWORD is expired.

Resolution- You can make EXPIREDPASSWORD to false using custom query. As LOCALAUTHENABLED is disabled to be changed from UI, you need to reach out to Support or Professional services

4- Mine is SSO enabled environment. If your's also then you need to take help from Support or Professional services as you can not set security QA and reset password of your newly created service account to be used in Sav for Sav integration.

Hope it helps.

Thanks,

Yatish

 

lionelrl
New Contributor III
New Contributor III
‎06/15/2023 09:51 AM

Thank you for the detailed response. Yes, we do not see LOCALAUTHENABLED in the data analyzer. Did the professional services / support helped in changing it or it was done through custom query Job?

 

-Lionel

yatishtiwari
Regular Contributor
Regular Contributor
‎06/15/2023 09:54 AM

From the custom query job also it was not working, he tried. 

he used analytics to enable LOCALAUTH but unfortunately, I am not aware, how to do it.

If you find please let me know.

lionelrl
New Contributor III
New Contributor III
‎06/15/2023 09:55 AM

Sure will do. Thanks again. 

Regards,

Lionel

sivapraturi
New Contributor
New Contributor
‎06/15/2023 09:57 AM

Refer to this

https://forums.saviynt.com/t5/identity-governance/api-amp-local-authentication/m-p/25216#M13223

Rajesh-R
Saviynt Employee
Saviynt Employee
‎11/27/2023 12:41 AM

@DixshantValecha  - LocalAuthEnabled Flag is not required for API Logins. Can you reverify the fact?

DixshantValecha
Saviynt Employee
Saviynt Employee
‎11/28/2023 02:31 AM

Hi @Rajesh-R I will update this forum post thanks.

jralexander137
New Contributor II
New Contributor II
‎11/29/2023 01:41 PM

I am having this issue. I created a service account, set the password, used postman to set passwordExpired to false and I am still getting a 401 when trying to authenticate via postman. localAuthEnabled is false. Any suggestions?

Version history
Last update:
‎06/12/2023 03:34 PM
Updated by:
Community Manager
Copyright © 2024 Khoros, LLC