This guide helps you to test the CyberArk Identity self-service MFA enrollment related APIs using postman collection. Postman is an HTTP testing API application that allows you to monitor requests and responses.
- Install postman from https://www.postman.com/downloads/
- Get access to CyberArk Identity tenant
- Create a user in CyberArk Identity.
- Create a role and add the users to the role.
- Create a Policy and assign a role to the policy and ensure that the corresponding MFA is enabled for the user.
Once the postman collection is imported, the following variables must be pre-filled to run the collection based on the functionality you want to try out.
The following variables should be pre-filled for authentication profile management:
|tenant_url||The URL of the CyberArk Identity tenant (https://example.idaptive.app). The URL will be used for all API requests to CyberArk Identity.|
|username||The username of the CyberArk Identity directory user.|
|password||The password of the CyberArk Identity directory user.|
|sq_answer||The answer to the security question to be added.|
|sq_question||The security question to be added,|
|phone_pin||The phone PIN is required to a setup a phone call as MFA.|
|oath_otp||The time-based one-time password to set up the OATH OTP.|
|android_version||The version of the android phone that needs to be enrolled.|
|ios_version||The version of the iOS phone that needs to be enrolled.|
|fido2_security_id||The credential ID generated by the FIDO2 authenticator|
|fido2_raw_id||The ArrayBuffer contained in the [[identifier]] internal slot.|
|fido2_challenge||The challenge used for generating the newly created credential’s attestation object. This challenge can be generated using the /U2f/GetRegistrationChallenge API|
|fido2_authenticator_type||The FIDO2 authenticator type can either be "SECURITYKEY" for FIDO2 security key or "ONDEVICEAUTHENTICATOR" for on-device authenticator.|
|fido2_attestation_object||The attestation object that contains authenticator data and attestation statement.|
|fido2_client_data||This attribute, inherited from AuthenticatorResponse, contains the JSON-compatible serialization of client data|
|fido2_security_key_name||The name for the FIDO2 security key|
|new_password||The new password for the user.|
|old_password||The old password of the user that needs to be changed.|
Updated about 2 months ago