I’m trying to enable the password reset option for the users in SailPoint so that they can reset their password on their own.
Please find the steps i performed for testing the password management from SailPoint IdentityNow.
We need a test account on any of the SAP to verify the password reset from SailPoint.
Hence created a test account on SAP.
As per SailPoint documentation, we followed below steps
From the Admin interface, select Applications.
select + New > named → Test
Under App Accounts Created By, select Admin (IT) but the tenant UI do not have this option.
Under Account Source, select Specific Users From Source or All Users From Source.
Choose the source you enabled Password Management on from the Select Source dropdown menu.
In the upper-right corner, set Enable For Users to ON and select Save.
Users with accounts on this source : Test will see and can manage their passwords for this source using Password Manager.
We got stuck in this place as the newly configured application does not appear in “Password Manager”.
The step mentioned in Admin guide for " App Accounts Created By" is not available in the Tenant UI. Below are the Screenshots for the same.
Get the external id or small id for your source. Use {{baseUrl}}/cc/api/source/list.
Get the Source details by its ID that you get in the first API call and check the value for “useForPasswordManagement”. Use {{baseUrl}}/cc/api/source/get/.
Do a POST call to update the value of useForPasswordManagement as true. Use API {{baseUrl}}/cc/api/source/update/.
Keep the Body as “x-www-form-urlencoded” and add the attribute and new value as key pair value.
Just a reminder that all CC APIs are deprecated and will be turned off by the end of this year. This may work for now, but do not rely on this functionality in the near future. This sounds like a bug that needs to be fixed in the product.
I got this working based on the instructions from @swapnasarit with a few modifications. - Thank you very much!
modifications as per below
Do a POST call to update the value of useForPasswordManagement as true. Use API {{baseUrl}}/cc/api/source/update/[source ID from cc list].
My post was done with headers:
Accept: application/json
payload was JSON:
{‘useForPasswordManagement’: ‘true’}
@colin_mckibben - This definitely seems like a bug. Please DM me if you would like our related support case number. After making the change using the cc api we managed to get this working. Thks
I have moved this topic to the Bugs category. If anyone is able to provide updates on their support ticket when this is fixed, that would be appreciated by the community.
I have tried your solution and the API call returns 410 Gone. May I know if the cc post has already depreciated or I have done something wrong in making the call?
Thanks.
I have confirmed that POST /cc/api/source/update/id has been deprecated. It has been replaced by the equivalent V3 endpoint as reported here in Non-Public API Deprecations.
As you and others have discovered, it appears that the ability to update useForPasswordManagement may not exist with PUT or PATCH v3/sources/id.
I see that you have opened a support ticket. If the support team is unable to resolve your issue and determines that this is a bug, an appropriate engineering ticket will be opened.
My ticket was closed by Support: "As this looks to be being handled by our dev relations and you have a work around I will go ahead and propose that this is resolved. "
I have not heard of a resolution, and still have this issue.