Security Management

The Security Management API addresses authentication tasks. These tasks apply to both local users and LDAP users.

Update Password for a User

This API changes the password for a single user. 

Example:

https://<Ivanti EPMM>/api/v1/sm/authentication/users/jdoe

For security reasons, include the old and new passwords in the HTTP request body rather than as query parameters. For example:

PUT /api/v1/sm/authentication/users/jdoe HTTP/1.1
Host: <Ivanti EPMM>
Content-Length: 44
Accept: application/json
Authorization: Basic <token>
Content-Type: application/x-www-form-urlencoded

oldpassword=abcd1234&newpassword=wxy%2113579

URI:
https://{host-name}/api/v1/sm/authentication/users/{username}

Updates the password for the specified username.

HTTP Method:

PUT

Format:

xml, json

Request:

username
  Required.
  Unique login user name.

oldpassword
  Current password of the user.
  Note: For security reasons, include this parameter in the HTTP request body.
  Required only if the Ivanti EPMM setting to save the user password is set to Yes. You can set this value in the Admin Portal, using Settings | Preferences.
  When oldpassword is required, make sure that the value you provide in the request is correct. If it is not included or is not correct, the response contains a failure message.
  Note: When you create a local user using the API to Register a Device, Ivanti EPMM sets the user’s password to the user ID (called username in this request).

newpassword
  Required.
  New password of the user.
  The password must be between 8 and 20 characters.
  Note: For security reasons, include this parameter in the HTTP request body.

Response Status Code:

‘404 – No Data Found’: There is no data.

‘200 – OK’: Data is present and the response is returned.

Response:

<securityManagementWebServiceResponse>
    <userName>jdoe</userName>
    <messages>
        <message>Password changed successfully for user: jdoe</message>
    </messages>
</securityManagementWebServiceResponse>

message: Status message. Success is shown if the method execution is successful. A descriptive error message is shown if the method execution failed.

 

Find a User

This API finds a single user by username or email address. User details will be returned only if the search finds an exact match of the username or email address. 

Example:

https://<Ivanti EPMM>/api/v1/sm/users/jdoe

URI:
https://{host-name}/api/v1/sm/users/{username}

Finds the user specified by the input username or email address.

HTTP Method:

GET

Format:

xml, json

Request:

Response Status Code:

‘404 – No Data Found’: There is no data.

‘200 – OK’: Data is present and the response is returned.

Response:

<securityManagementWebServiceResponse>
    <userName>miadmin</userName>
    <messages/>
    <user id="9001">
        <uuid>f89d8cbf-59d7-47e6-97c2-4681ed8f954a</uuid>
        <principal>miadmin</principal>
        <createdAt>1374085200000</createdAt>
        <displayName>miadmin</displayName>
        <email>[email protected]</email>
        <enabled>true</enabled>
        <firstName>miadmin</firstName>
        <forcePasswordChange>false</forcePasswordChange>
        <googleAppsEncryptionAlgVersion>0</googleAppsEncryptionAlgVersion>
        <lastAdminPortalLoginTime>1374178220915</lastAdminPortalLoginTime>
        <lastName></lastName>
        <opaque>true</opaque>
        <roles>ROLE_MPW_LOCK</roles>
        <roles>ROLE_USER_MANAGEMENT_RW</roles>
        <roles>ROLE_MAI_RW</roles>
        <roles>ROLE_APPS_AND_FILES_RW</roles>
        <roles>ROLE_SENTRY_FOR_IPAD</roles>
        <roles>ROLE_ADMIN_LOCATE</roles>
        <roles>ROLE_LOG_R</roles>
        <roles>ROLE_TROUBLESHOOTING_RW</roles>
        <roles>ROLE_EVENT_CENTER_RW</roles>
        <roles>ROLE_ADMIN_WIPE</roles>
        <roles>ROLE_SELECTIVE_WIPE</roles>
        <roles>ROLE_MPW_REG</roles>
        <roles>ROLE_SECURITY_AND_POLICIES_RW</roles>
        <roles>ROLE_MPW_LOCATE</roles>
        <roles>ROLE_API</roles>
        <roles>ROLE_SMARTPHONES_AND_DEVICES_RW</roles>
        <roles>ROLE_MPW_WIPE</roles>
        <roles>ROLE_USER_PORTAL_RW</roles>
        <roles>ROLE_CONNECTOR</roles>
        <roles>ROLE_SETTINGS_RW</roles>
        <userSource>76</userSource>
    </user>
</securityManagementWebServiceResponse>
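An access-review check over the Find a User response above, as an added example that is not part of the Ivanti documentation: it collects the repeated <roles> elements and reports roles outside a caller-supplied allowlist and enabled accounts with no recent Admin Portal login. The function names, the allowlist, the 90-day threshold, and the reading of lastAdminPortalLoginTime as Unix epoch milliseconds are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample: a shortened copy of the response shown above.
SAMPLE = """<securityManagementWebServiceResponse>
  <userName>miadmin</userName><messages/>
  <user id="9001">
    <principal>miadmin</principal>
    <enabled>true</enabled>
    <lastAdminPortalLoginTime>1374178220915</lastAdminPortalLoginTime>
    <roles>ROLE_USER_MANAGEMENT_RW</roles>
    <roles>ROLE_ADMIN_WIPE</roles>
    <roles>ROLE_API</roles>
  </user>
</securityManagementWebServiceResponse>"""

def parse_user(xml_text):
    """Extract the fields an access review needs from a Find a User response."""
    user = ET.fromstring(xml_text).find("user")
    if user is None:  # no <user> element, e.g. nothing matched
        return None
    last = user.findtext("lastAdminPortalLoginTime")
    return {
        "principal": user.findtext("principal"),
        "enabled": user.findtext("enabled") == "true",
        # <roles> repeats once per role instead of wrapping a list
        "roles": {r.text for r in user.findall("roles") if r.text},
        # Assumption: the value is Unix epoch milliseconds (UTC)
        "last_admin_login": (
            datetime.fromtimestamp(int(last) / 1000, timezone.utc) if last else None
        ),
    }

def review(user, allowed_roles, now, max_idle_days=90):
    """Return findings for roles outside the allowlist and idle enabled accounts."""
    findings = []
    extra = sorted(user["roles"] - set(allowed_roles))
    if extra:
        findings.append(("unexpected_roles", extra))
    last = user["last_admin_login"]
    if user["enabled"] and (last is None or (now - last).days > max_idle_days):
        findings.append(("idle_enabled_account", last))
    return findings
```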

 

Search LDAP Users

This API finds users by username. The search string must be at least 2 characters. If the number of search results exceeds the search limit (configurable in mifs.properties), an error is returned. The default search limit is 100.

Example:

https://<Ivanti EPMM>/api/v1/sm/users/search/ldap/?userid=jdoe

URI:
https://{host-name}/api/v1/sm/users/search/ldap/{userid}

Finds the users for the specified username search string.

HTTP Method:

GET

Format:

xml, json

Request:

userid
  Required.
  Username search string. Minimum 2 characters.

Response Status Code:

‘404 – No Data Found’: There is no data.

‘200 – OK’: Data is present and the response is returned.

‘400 – Bad Request’:
1. If the input search string is less than 2 characters.
2. If the search results are more than the limit.

Response:

<securityManagementWebServiceResponse>
    <userName>testuser000</userName>
    <messages/>
    <users>
        <user>
            <principal>testuser0001</principal>
            <displayName>testuser0001</displayName>
            <email>[email protected]</email>
            <enabled>false</enabled>
            <firstName>Test</firstName>
            <forcePasswordChange>false</forcePasswordChange>
            <lastName>User0001</lastName>
            <opaque>true</opaque>
            <userSource>68</userSource>
        </user>
        <user>
            <principal>testuser0003</principal>
            <displayName>testuser0003</displayName>
            <email>[email protected]</email>
            <enabled>false</enabled>
            <firstName>Test</firstName>
            <forcePasswordChange>false</forcePasswordChange>
            <lastName>User0003</lastName>
            <opaque>true</opaque>
            <userSource>68</userSource>
        </user>
    </users>
</securityManagementWebServiceResponse>

 

Authenticate a User

This API authenticates a single user by username. 

Example:

https://<Ivanti EPMM>/api/v1/sm/authentication

For security reasons, include the password in the HTTP request body rather than as a query parameter. For example:

 

POST /api/v1/sm/authentication HTTP/1.1
Host: <Ivanti EPMM>
Content-Length: 31
Accept: application/json
Authorization: Basic <token>
Content-Type: application/x-www-form-urlencoded

username=jdoe&password=abcd1234

URI:
https://{host-name}/api/v1/sm/authentication

Authenticates the user specified by the input username.

HTTP Method:

POST

Format:

xml, json

Request:

username
  String. Required.
  Note: For security reasons, include this parameter in the HTTP request body.

password
  String. Required.
  The password must be between 8 and 20 characters.
  Note: For security reasons, include this parameter in the HTTP request body.

Response Status Code:

‘401 – Unauthorized’: If the username or password is invalid.

‘200 – OK’: If the username and password are valid, user details are returned in the response.

Response:

<securityManagementWebServiceResponse>
    <userName>miadmin</userName>
    <messages/>
    <user id="9001">
        <uuid>f89d8cbf-59d7-47e6-97c2-4681ed8f954a</uuid>
        <principal>miadmin</principal>
        <createdAt>1374085200000</createdAt>
        <displayName>miadmin</displayName>
        <email>[email protected]</email>
        <enabled>true</enabled>
        <firstName>miadmin</firstName>
        <forcePasswordChange>false</forcePasswordChange>
        <googleAppsEncryptionAlgVersion>0</googleAppsEncryptionAlgVersion>
        <lastAdminPortalLoginTime>1374178220915</lastAdminPortalLoginTime>
        <lastName></lastName>
        <opaque>true</opaque>
        <roles>ROLE_MPW_LOCK</roles>
        <roles>ROLE_USER_MANAGEMENT_RW</roles>
        <roles>ROLE_MAI_RW</roles>
        <roles>ROLE_APPS_AND_FILES_RW</roles>
        <roles>ROLE_SENTRY_FOR_IPAD</roles>
        <roles>ROLE_ADMIN_LOCATE</roles>
        <roles>ROLE_LOG_R</roles>
        <roles>ROLE_TROUBLESHOOTING_RW</roles>
        <roles>ROLE_EVENT_CENTER_RW</roles>
        <roles>ROLE_ADMIN_WIPE</roles>
        <roles>ROLE_SELECTIVE_WIPE</roles>
        <roles>ROLE_MPW_REG</roles>
        <roles>ROLE_SECURITY_AND_POLICIES_RW</roles>
        <roles>ROLE_MPW_LOCATE</roles>
        <roles>ROLE_API</roles>
        <roles>ROLE_SMARTPHONES_AND_DEVICES_RW</roles>
        <roles>ROLE_MPW_WIPE</roles>
        <roles>ROLE_USER_PORTAL_RW</roles>
        <roles>ROLE_CONNECTOR</roles>
        <roles>ROLE_SETTINGS_RW</roles>
        <userSource>76</userSource>
    </user>
</securityManagementWebServiceResponse>
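Client-side request construction for the two credential-bearing calls on this page, Update Password for a User and Authenticate a User, as an added example that is not part of the Ivanti documentation: passwords travel only in a form-encoded body, the username path segment is percent-encoded, and the 8 to 20 character rule is checked before anything is sent. The function names, the api_user/api_password pair behind the Basic token, and the choice of Accept: application/xml are assumptions; requests are built but not sent.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

BASE = "/api/v1/sm/authentication"

def build_request(method, host, path, fields, api_user, api_password):
    """Build (without sending) a request that carries its secrets only in the body."""
    body = urlencode(fields).encode("ascii")  # percent-encodes '!', '&', '=' and so on
    token = base64.b64encode(f"{api_user}:{api_password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}{path}", data=body, method=method,
        headers={
            "Authorization": f"Basic {token}",
            "Accept": "application/xml",
            "Content-Type": "application/x-www-form-urlencoded",
        },  # urllib derives Content-Length from len(body) when sending
    )

def change_password_request(host, username, old, new, api_user, api_password):
    """PUT .../users/{username} with oldpassword and newpassword in the body."""
    if not 8 <= len(new) <= 20:
        raise ValueError("newpassword must be between 8 and 20 characters")
    # Encode the path segment so a username cannot introduce '/' or '?'
    path = f"{BASE}/users/{quote(username, safe='')}"
    fields = {"oldpassword": old, "newpassword": new}
    return build_request("PUT", host, path, fields, api_user, api_password)

def authenticate_request(host, username, password, api_user, api_password):
    """POST to the authentication endpoint with username and password in the body."""
    fields = {"username": username, "password": password}
    return build_request("POST", host, BASE, fields, api_user, api_password)

def response_messages(xml_text):
    """Return the text of every <message> in a securityManagementWebServiceResponse."""
    root = ET.fromstring(xml_text)
    return [m.text.strip() for m in root.iter("message") if m.text and m.text.strip()]
```

With the page's sample values, the form-encoded password-change body is 44 bytes because `!` is sent as `%21`, which matches the Content-Length in the PUT example.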