This article is a guide to setting up a CallAPI user who is a service user attached to LDAP who cannot use SAML because there won't be MFA performed at login since it is a service user.

Release : 12.3

Component :

In this example, the LDAP department is SUPPORT and the service account is called CALLAPI.

All users are a part of the SUPPORT department.
The SUPPORT department is linked to the UC_LDAP_SUPPORT variable in client 0
SAML is set up according to the documentation and the Key NAME in UC_SAML_SETTINGS is SUPPORT

Since the CALLAPI user cannot use MFA, it needs to bypass SAML altogether, so it cannot be a part of the SUPPORT department in Automic; the username cannot be CALLAPI/SUPPORT.

Here are the steps to accomplish this:

1. Update the username to use a different department, like SVC
2. The user should still have "LDAP Connection" checked in the user settings
3. Create a UC_LDAP_SVC variable in client 0
4. This should be a copy of the UC_LDAP_SUPPORT variable; add the line to it:
   Key: DOMAIN_ALIAS
   Value1: SUPPORT

Any account tied to this will not use the SAML settings since the department doesn't exist as a key name in UC_SAML_SETTINGS.  The user is still tied to LDAP due to the UC_LDAP_SVC variable and having the user use an LDAP Connection.