Postman collection for self-service MFA enrollment
This guide helps you to test the CyberArk Identity self-service MFA enrollment related APIs using postman collection. Postman is an HTTP testing API application that allows you to monitor requests and responses.
Prerequisites
- Install postman from https://www.postman.com/downloads/
- Get access to CyberArk Identity tenant
- Create a user in CyberArk Identity.
- Create a role and add the users to the role.
- Create a Policy and assign a role to the policy and ensure that the corresponding MFA is enabled for the user.
Import postman collection
Get started with postman collection
Once the postman collection is imported, the following variables must be pre-filled to run the collection based on the functionality you want to try out.
The following variables should be pre-filled for authentication profile management:
| Variable name | Description |
|---|---|
| tenant_url | The URL of the CyberArk Identity tenant (https://example.idaptive.app). The URL will be used for all API requests to CyberArk Identity. |
| username | The username of the CyberArk Identity directory user. |
| password | The password of the CyberArk Identity directory user. |
| sq_answer | The answer to the security question to be added. |
| sq_question | The security question to be added, |
| phone_pin | The phone PIN is required to a setup a phone call as MFA. |
| oath_otp | The time-based one-time password to set up the OATH OTP. |
| android_version | The version of the android phone that needs to be enrolled. |
| ios_version | The version of the iOS phone that needs to be enrolled. |
| fido2_security_id | The credential ID generated by the FIDO2 authenticator |
| fido2_raw_id | The ArrayBuffer contained in the [[identifier]] internal slot. |
| fido2_challenge | The challenge used for generating the newly created credential’s attestation object. This challenge can be generated using the /U2f/GetRegistrationChallenge API |
| fido2_authenticator_type | The FIDO2 authenticator type can either be "SECURITYKEY" for FIDO2 security key or "ONDEVICEAUTHENTICATOR" for on-device authenticator. |
| fido2_attestation_object | The attestation object that contains authenticator data and attestation statement. |
| fido2_client_data | This attribute, inherited from AuthenticatorResponse, contains the JSON-compatible serialization of client data |
| fido2_security_key_name | The name for the FIDO2 security key |
| new_password | The new password for the user. |
| old_password | The old password of the user that needs to be changed. |
Updated 7 days ago