This article is a guide to setting up a CallAPI user who is a service user attached to LDAP who cannot use SAML because there won't be MFA performed at login since it is a service user.
Release : 12.3
Component :
In this example, the LDAP department is SUPPORT and the service account is called CALLAPI.
All users are a part of the SUPPORT department.
The SUPPORT department is linked to the UC_LDAP_SUPPORT variable in client 0
SAML is set up according to the documentation and the Key NAME in UC_SAML_SETTINGS is SUPPORT
Since the CALLAPI user cannot use MFA, it needs to bypass SAML altogether, so it cannot be a part of the SUPPORT department in Automic; the username cannot be CALLAPI/SUPPORT.
Here are the steps to accomplish this:
Any account tied to this will not use the SAML settings since the department doesn't exist as a key name in UC_SAML_SETTINGS. The user is still tied to LDAP due to the UC_LDAP_SVC variable and having the user use an LDAP Connection.