Expand my Community achievements bar.

Latest Community Ideas Review is Out: Discover What’s New and What to Expect!
SOLVED

API Key generation

Avatar

Level 4

The documentation says that to generate an API key for a non-admin users you have to disable SSO for the entire instance. Is there any other way to do this? Maybe through Fusion?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

API
1 Accepted Solution

Avatar

Correct answer by
Level 4

I think the answer may be to

  1. Create a new user with system admin access level
  2. Login as that user and generate the API Key
  3. Switch the user's access level

View solution in original post

7 Replies

Avatar

Community Advisor

Hi Jason,

The Great Power is at https://atappstore.testdrive.workfront.com/attask/api-unsupported/ssopt/metadata, but given the Great Responsibility, I recommend you not automate it.

Happy to philosophize offline some time -- doug.denhoed@atappstore.com

Regards,

Doug

Thanks for the reply. To clarify, the goal was to create an API key without turning off SSO for the entire instance, not to automate the creation of API keys.

Avatar

Community Advisor

Gotcha Jason,

Given the documentation, I agree with you that creating an API key without turning off SSO for the entire instance does not seem possible. That said, it might be worth trying anyways: sometimes, the API has more latitude than does the user interface.

And to clarify my Great Responsibility comment, although it appears to be technically possible, I would not recommend using the API to automatically 1) turn off SSO, 2) create the API key(s), then 3) turn on SSO, as it is contrary to the intention of SSO.

Regards,

Doug

Avatar

Level 10

This is interesting... I don't remember ever having to turn off SSO completely when needing to do an integration account. You do need to turn off "Only Allow SAML 2.0 Authentication" on the user level because they do need a username and password to get a key.

I usually, uncheck the box, give the account a temporary password, log in as the account to change the password to something permanent, and then create the API key.

But it has been awhile since I needed to create a new Integration account so maybe things have changed recently.

Avatar

Level 4

Anthony,

When I tried that it gave me an error :

method PUT is not allowed for authorization type COOKIE

Avatar

Correct answer by
Level 4

I think the answer may be to

  1. Create a new user with system admin access level
  2. Login as that user and generate the API Key
  3. Switch the user's access level

Avatar

Community Advisor
I agree, Jason: sufficient, but less risky. Good workaround. Regards, Doug