developer.sailpoint.com/docs/tools/sdk/powershell/reference/v2024/Methods/V2024PasswordManagementApi.md

id, title, pagination_label, sidebar_label, sidebar_class_name, keywords, slug, tags

id	title	pagination_label	sidebar_label	sidebar_class_name	keywords	slug	tags
v2024-password-management	PasswordManagement	PasswordManagement	PasswordManagement	powershellsdk	powershell PowerShell sdk PasswordManagement	/tools/sdk/powershell/v2024/methods/password-management	SDK Software Development Kit PasswordManagement

PasswordManagement

All URIs are relative to https://sailpoint.api.identitynow.com/v2024

Method	HTTP request	Description
New-V2024DigitToken	POST /generate-password-reset-token/digit	Generate a digit token
Get-V2024PasswordChangeStatus	GET /password-change-status/{id}	Get Password Change Request Status
Search-V2024PasswordInfo	POST /query-password-info	Query Password Info
Set-V2024Password	POST /set-password	Set Identity's Password

create-digit-token

This API is used to generate a digit token for password management. Requires authorization scope of "idn:password-digit-token:create".

Parameters

Param Type	Name	Data Type	Required	Description
XSailPointExperimental	String	True (default to "true")	Use this header to enable this experimental API.
Body	PasswordDigitTokenReset	PasswordDigitTokenReset	True

Return type

PasswordDigitToken

Responses

Code	Description	Data Type
200	The digit token for password management.	PasswordDigitToken
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessProfiles401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessProfiles429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

• Content-Type: application/json
• Accept: application/json

Example

$XSailPointExperimental = "true" # String | Use this header to enable this experimental API. (default to "true")
$PasswordDigitTokenReset = @"{
  "durationMinutes" : 5,
  "length" : 8,
  "userId" : "Abby.Smith"
}"@
# Generate a digit token
try {
    $Result = ConvertFrom-JsonToPasswordDigitTokenReset -Json $PasswordDigitTokenReset
    New-V2024DigitToken-V2024XSailPointExperimental $XSailPointExperimental -V2024PasswordDigitTokenReset $Result
    
    # Below is a request that includes all optional parameters
    # New-V2024DigitToken -V2024XSailPointExperimental $XSailPointExperimental -V2024PasswordDigitTokenReset $PasswordDigitTokenReset  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-V2024DigitToken"
    Write-Host $_.ErrorDetails
}

[Back to top]

get-password-change-status

This API returns the status of a password change request.

Parameters

Param Type	Name	Data Type	Required	Description
Path	Id	String	True	Password change request ID

Return type

PasswordStatus

Responses

Code	Description	Data Type
200	Status of the password change request	PasswordStatus
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessProfiles401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
404	Not Found - returned if the request URL refers to a resource or object that does not exist	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessProfiles429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

• Content-Type: Not defined
• Accept: application/json

Example

$Id = "089899f13a8f4da7824996191587bab9" # String | Password change request ID
# Get Password Change Request Status
try {
    Get-V2024PasswordChangeStatus-V2024Id $Id 
    
    # Below is a request that includes all optional parameters
    # Get-V2024PasswordChangeStatus -V2024Id $Id  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2024PasswordChangeStatus"
    Write-Host $_.ErrorDetails
}

[Back to top]

query-password-info

This API is used to query password related information.

Parameters

Param Type	Name	Data Type	Required	Description
Body	PasswordInfoQueryDTO	PasswordInfoQueryDTO	True

Return type

PasswordInfo

Responses

Code	Description	Data Type
200	Reference to the password info.	PasswordInfo
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessProfiles401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessProfiles429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

• Content-Type: application/json
• Accept: application/json

Example

$PasswordInfoQueryDTO = @"{
  "sourceName" : "My-AD",
  "userName" : "Abby.Smith"
}"@
# Query Password Info
try {
    $Result = ConvertFrom-JsonToPasswordInfoQueryDTO -Json $PasswordInfoQueryDTO
    Search-V2024PasswordInfo-V2024PasswordInfoQueryDTO $Result
    
    # Below is a request that includes all optional parameters
    # Search-V2024PasswordInfo -V2024PasswordInfoQueryDTO $PasswordInfoQueryDTO  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Search-V2024PasswordInfo"
    Write-Host $_.ErrorDetails
}

[Back to top]

set-password

This API is used to set a password for an identity.

An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their ISC user, such as a personal access token or "authorization_code" derived OAuth token.

Note: If you want to set an identity's source account password, you must enable PASSWORD as one of the source's features. You can use the PATCH Source endpoint to add the PASSWORD feature.

To generate the encryptedPassword (RSA encrypted using publicKey) for the request body, run the following command:

echo -n "myPassword" | openssl pkeyutl -encrypt -inkey public_key.pem -pubin | base64

In this example, myPassword is the plain text password being set and encrypted, and public_key.pem is the path to the public key file. You can retrieve the required publicKey, along with other information like identityId, sourceId, publicKeyId, accounts, and policies, using the Query Password Info endpoint.

To successfully run this command, you must have OpenSSL installed on your machine. If OpenSSL is unavailable, consider using the Virtual Appliance (VA), which has OpenSSL pre-installed and configured.

If you are using a Windows machine, refer to this guide for instructions on installing OpenSSL.

You can then use Get Password Change Request Status to check the password change request status. To do so, you must provide the requestId from your earlier request to set the password.

Parameters

Param Type	Name	Data Type	Required	Description
Body	PasswordChangeRequest	PasswordChangeRequest	True

Return type

PasswordChangeResponse

Responses

Code	Description	Data Type
202	Reference to the password change.	PasswordChangeResponse
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessProfiles401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessProfiles429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

• Content-Type: application/json
• Accept: application/json

Example

$PasswordChangeRequest = @"{
  "sourceId" : "8a807d4c73c545510173c545d4b60246",
  "accountId" : "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com",
  "identityId" : "8a807d4c73c545510173c545f0a002ff",
  "publicKeyId" : "YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2",
  "encryptedPassword" : "XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A=="
}"@
# Set Identity's Password
try {
    $Result = ConvertFrom-JsonToPasswordChangeRequest -Json $PasswordChangeRequest
    Set-V2024Password-V2024PasswordChangeRequest $Result
    
    # Below is a request that includes all optional parameters
    # Set-V2024Password -V2024PasswordChangeRequest $PasswordChangeRequest  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Set-V2024Password"
    Write-Host $_.ErrorDetails
}

[Back to top]