SailPoint IdentityIQ integrated with CyberArk PAM

Hello,

Currently, I am trying to integrate SailPoint IdentityIQ (IIQ) with CyberArk PAM.

The integration is done through SCIM. I have already created the SCIM and successfully connected it to IIQ, as shown in screenshot (1) that I attached.

However, when I go to the “Schema” menu and try to click “Preview”, it does not work and shows an error, as shown in screenshot (2) that I attached.

Could you please help me with this issue?

Thank you.

Hi Benu,
The 401 Unauthorized error during schema preview usually indicates insufficient permissions or authentication issues. Please verify the CyberArk SCIM permissions and test the endpoint using Postman or cURL with the same credentials. If the same 401 error occurs, the issue is likely on the CyberArk side. Thanks.

Hi @benutop55 ,

Usually, error 401 - Unauthorized is thrown when insufficient permissions are found to perform a specific operation. Please check whether all necessary permissions are provided for the technical user with which this application is connected.

It looks like the connector's /Schemas endpoint is rejecting the credentials, because preview discovery calls different SCIM endpoints than test connection does.

I would suggest testing these endpoints with Postman/cURL:
/ServiceProviderConfig
/ResourceTypes
/Schemas
/ResourceTypes/User

I would also suggest enabling SCIM connector trace logs to check which URL is returning 401.
logger.SCIM2Connector.name=openconnector.connector.scim2.SCIM2Connector
logger.SCIM2Connector.level=trace

Thanks
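
An added example, not part of the original thread: a shell probe of the four discovery endpoints listed in the reply above, reporting which one returns 401 and separating an authentication rejection from a TLS or network failure on the way to the SCIM server. `SCIM_BASE_URL` and `SCIM_TOKEN` are hypothetical variable names, and bearer-token authentication is an assumption; adjust the header to whatever the connector is configured with.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumptions: SCIM_BASE_URL and
# SCIM_TOKEN are hypothetical names; bearer-token auth is assumed.

# Discovery endpoints named in the reply above.
ENDPOINTS="/ServiceProviderConfig /ResourceTypes /Schemas /ResourceTypes/User"

# Map curl's exit code and the HTTP status to a short diagnosis.
classify() {
  curl_rc=$1; http=$2
  case "$curl_rc" in
    0) ;;                                        # transport OK, inspect status
    35|60|77) echo "TLS_FAILURE"; return ;;      # handshake / untrusted cert / CA file
    6|7|28)   echo "UNREACHABLE"; return ;;      # DNS / connect / timeout
    *)        echo "CURL_ERROR_$curl_rc"; return ;;
  esac
  case "$http" in
    2??) echo "OK" ;;
    401) echo "UNAUTHORIZED" ;;                  # credentials rejected
    403) echo "FORBIDDEN" ;;                     # authenticated, lacks permission
    404) echo "NOT_FOUND" ;;
    5??) echo "SERVER_ERROR" ;;
    *)   echo "HTTP_$http" ;;
  esac
}

# Request each endpoint with the same credentials and print one line per URL.
probe() {
  base=$1; token=$2
  for ep in $ENDPOINTS; do
    # The token goes to curl on stdin (-K -) so it never shows up in `ps`.
    http=$(printf 'header = "Authorization: Bearer %s"\n' "$token" |
      curl -K - -sS -o /dev/null -w '%{http_code}' --max-time 15 \
        -H 'Accept: application/scim+json' "$base$ep" 2>/dev/null)
    rc=$?
    printf '%-24s %-4s %s\n' "$ep" "$http" "$(classify "$rc" "$http")"
  done
}

# Only touch the network when a base URL has been supplied.
if [ -n "${SCIM_BASE_URL:-}" ]; then
  probe "$SCIM_BASE_URL" "${SCIM_TOKEN:-}"
fi
```

The script does not use `-k`/`--insecure`, so an untrusted certificate on the SCIM server shows up as `TLS_FAILURE` instead of being silently accepted.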

@benutop55 Would recommend giving it a try in Postman first to make sure the service account has all necessary permissions on the required scopes. Also, can you please enable loggers and try running the aggregation to see whether it is working or not?

Hello guys,

The issue has been resolved.
The problem was with the SSL configuration. The SCIM Server did not trust the CyberArk PVWA certificate because the PVWA certificate was not trusted, so the SCIM server rejected the connection.

To fix this, I had to install the CyberArk PVWA certificate on the SCIM Server first, and after that the issue was resolved.

Thank you for your responses and suggestions.
