Scenario
We are setting up the Password Interceptor for the first time for a client that uses SailPoint IdentityNow.
The interceptor was successfully installed, and the agent is running properly. However, when we attempt a password change, the following error is logged:
07/20/2025 12:17:28 : ServiceEntry [ Thread-9 ] ERROR : “Web Exception occurred :The remote server returned an error: (403) Forbidden. For user:F00011785”
07/20/2025 12:17:28 : ServiceEntry [ Thread-9 ] ERROR : “Error code: 403 Forbidden”
07/20/2025 12:17:28 : ServiceEntry [ Thread-9 ] ERROR : “Error message: The server understood the request but refuses to authorize it.”
What we’ve verified so far
- The agent successfully obtains an Access Token using client credentials:
  URL to fetch the access token: https://client.api.identitynow.com/oauth/token?grant_type=client_credentials
  Request to get the access token was successful: OK
- We created a new Personal Access Token (PAT) with the scope scope:all, but the 403 Forbidden error still occurs.
Question
What else should we check or configure to ensure that the Password Interceptor is authorized to send password change events to IdentityNow?