Step by Step instruction to Setup / Update IAS User Passwords in Mass using Postman

Background:

As per SAP Note “3001615 - How to mass update user password in Identity Authentication” there are below options to update password of IAS users in mass:

1. Use SCIM Rest API, Update User Resource option. Provide the "password" attribute during the update, as a result, the password will be changed.
2. Create a collection of users to mass update more users at the same time. For Postman, following the document: Using the Collection Runner.
3. In case Identity Provisioning Service (IPS) is integrated, use it to set initial passwords for all users: Passwords Are Stored in Identity Authentication (initial password).

This blog focuses on step-by-step instruction on how to setup passwords in mass through Postman using Collection runner ( option 2).

Section 1 – Setup a system user in IAS:

To be able to update passwords for IAS users using the SCIM API, we need a system user in IAS for authentication in Postman. Follow below steps to create a system user:

1. Login to the IAS tenant admin console (https://<tenant ID>.accounts.ondemand.com/admin)
2. Open the “Administrators” tab in “Users & Authorizations” and click on Add. Create a System user by clicking on “System”.

3. Give the Display name:

4. In Configure Authorizations, select Manage Users and Manage Groups:

5. Click on Save button and next we must set the Secrets for authentication.

6. Click on Secrets and then add Secret. Make note of the Client ID and Client secret as this cannot be retrieved from system later. This will be required during authentication in Postman.

Section 2: Setup Postman:

1. Ensure you have installed POSTMAN and have logged in. It can be downloaded here: https://www.getpostman.com/.
2. Pick PUT with the following endpoint https://<tenantID>.accounts.ondemand.com/service/scim/Users/{{USERID}}. Here USERID is used as a variable.

3. Goto Authorizations. Select Basic Auth. In Username enter Client ID and in Password enter Client Secret you have setup earlier for the system user in IAS:

4. In Headers change Content-Type = application/scim+json. Keep all the other entries as is:

5. In Body, select RAW and JSON and enter the below code and save the settings:

{

    "id": "{{USERID}}",

    "passwordStatus": "enabled",

    "password": "Enter Password of your choice"

}

Password status = enabled will set password as productive for users. If you want to set password as initial use Password status = initial

You can provide password of your choice within quotes.

6. Define USERID as a variable in system. Click on the “USERID” and you will get option of “Set as variable”.

Section 3: Updating passwords in mass:

1. Prepare a list of IAS USER IDs for which you want to reset password in a file with .csv format. Ensure you give header name same as the variable name. In our example its USERID. Here we must use the system generated P IDs of users in IAS. Refer to screenshot below:

2. Execute the Script you saved earlier in Runner and give the number of iterations = number of entries you have in your upload file. Upload the load file in Data section and run the collection:

3. In run results you should see return code = 200 OK which confirms run was successful and password was setup for the user.

4. Password is configured for the users in IAS: