IDN Password Management API

Hi All,

We have a few questions related to the IDN Password Management API as documented here: SailPoint - SaaS API

Can you please provide detail on how to use/send the publicKeyId value? Can we create our own keys?

For encryptedPassword, how can we encrypt the password? Is there more detail than ‘RSA’?

What permissions are required for setting/changing passwords via API?

Thank you,
Raymond L

Hi Raymond, I went ahead and provided this response in the support ticket you opened. I wanted to copy it here for posterity, in case someone else needs the same information later.

I believe you should be able to pull the public key for setting a user’s password by first getting their existing password setting:
https://developer.sailpoint.com/apis/v3/#operation/queryPasswordInfo

I also performed a bit of additional research with Google, and found this document that seems to have a good explanation of RSA encryption and how it can be performed using a public key.

As for the required permissions, we can see this note in the document you linked:
The password can only be set by the actual identity owner or by a trusted API client application.

The way I interpret this is that the API endpoint can be used to update passwords if you are authenticated as the actual identity whose password is changing, or you may also be able to perform this change authenticated as an ORG_ADMIN.

I hope this is helpful.

1 Like
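
The encryption step discussed in the reply above, sketched in Node.js as an added example; it is not code from the thread or from SailPoint. Assumptions: the password-info response carries the key in a `publicKey` field as base64 of a DER SubjectPublicKeyInfo blob, and the padding is a caller-supplied parameter because the thread does not say which one the API expects. The key pair is generated locally as constructed sample data.

```javascript
const nodeCrypto = require('node:crypto');

// Padding modes offered here; the thread does not state which one the API expects.
const PADDINGS = {
  pkcs1: nodeCrypto.constants.RSA_PKCS1_PADDING,
  oaep: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, // Node defaults to SHA-1 for OAEP
};

// Assumption: key is base64(DER SubjectPublicKeyInfo). Rejects non-RSA keys.
function importPublicKey(publicKeyB64) {
  const key = nodeCrypto.createPublicKey({
    key: Buffer.from(publicKeyB64, 'base64'),
    format: 'der',
    type: 'spki',
  });
  if (key.asymmetricKeyType !== 'rsa') throw new Error('expected an RSA public key');
  return key;
}

// Encrypts the UTF-8 password and returns base64 ciphertext.
function encryptPassword(publicKeyB64, password, padding) {
  if (!Object.hasOwn(PADDINGS, padding)) throw new Error('padding must be "pkcs1" or "oaep"');
  const key = importPublicKey(publicKeyB64);
  const plaintext = Buffer.from(password, 'utf8');
  return nodeCrypto.publicEncrypt({ key, padding: PADDINGS[padding] }, plaintext).toString('base64');
}

// Pairs the ciphertext with the id of the key that produced it, so the
// server can select the matching private key. Other request fields
// (identity, account) are not listed in the thread and are omitted.
function buildSetPasswordBody(passwordInfo, password, padding) {
  return {
    publicKeyId: passwordInfo.publicKeyId,
    encryptedPassword: encryptPassword(passwordInfo.publicKey, password, padding),
  };
}

// Constructed stand-in for the server side: a local 2048-bit key pair and a
// password-info object shaped like the assumed response.
function makeSamplePasswordInfo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const der = publicKey.export({ format: 'der', type: 'spki' });
  return { info: { publicKeyId: 'SAMPLE-KEY-ID', publicKey: der.toString('base64') }, privateKey };
}
```

Fetch the key and its `publicKeyId` immediately before each password change and send them together, since a ciphertext is only usable with the key pair it was produced for.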