/build/static/layout/Breadcrumb_cap_w.png

2FA API deploys with Service Account

I have been tasked with setting up automated software deploys using the API. My company has 2FA enabled for all accounts. Because of 2FA being a requirement for all accounts, I am running into a roadblock with the authentication in the API. I have 2 questions:
1) What rights does a user need to install software via the API. Does the service account need to be an administrator? Does the Read Only Administrator give sufficient privileges (if so, I may be able to get 2FA turned off for this user)
2) Are there any ways to provide the authentication code in an automated way that has been successful for anyone with KACE?
Asked 3 years ago 0 views
0 Comments   [ + ] Show comments

Answers (3)

Posted by: KevinG 3 years ago
Red Belt
0

Since I am not sure how much of the task you have accomplished using the API.

How to authenticate when 2fa is enabled when using the API is covered here.

https://support.quest.com/technical-documents/kace-systems-management-appliance/11.0%20common%20documents/api-reference-guide


Comments:
  • Ok. I was finally able to get authenticated. Ended up temporarily using Google Authenticator on my phone for a temporary POC.
    When I try to add a device to a managed install or running a script I'm getting a 500 error that doesn't make sense to me.

    {
    "errorCode": -1,
    "errorDescription": "No route found for \"GET /api/managed_install/managed_installs/47/add_to_machines/\": Method Not Allowed (Allow: PUT)"
    }

    I am using a PUT, but it seems to think I'm using a GET. I believe the error body is a red herring and it actually has nothing to do with that.
    Headers are as follows:
    Content-Type application/json
    x-dell-csrf-token tokenValue
    x-dell-api-version 5
    Accept application/json

    Any thoughts? - talkercb 3 years ago
Posted by: KevinG 3 years ago
Red Belt
0

What version of the SMA?

What programming language are you using?

Can you share the snippet of code for the API call so we can further investigate?


Comments:
  • I am using Postman currently just for POC.
    PUT /api/managed_install/managed_installs/47/add_to_machines (47 being the script ID, right?)
    Body = {"Machines":["2210"]}
    Other headers as listed above - talkercb 3 years ago
Posted by: KevinG 3 years ago
Red Belt
0

I believe there is typo in the documentation. 

use

PUT /api/mi/managed_installs/47/add_to_machines


Comments:
  • When I do that I get a different error with a 403.
    {
    "error": "API disabled."
    }
    I have verified that the API is enabled. Thoughts? - talkercb 3 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ