When using PUT /api.php/v1/userGroups.json it only allows us to change authentication type to LDAP, LOCAL, RSA or RADIUS. It does not allow LDAP+RSA or LDAP+RADIUS. We need a method to edit over 1000 user groups but get the error below. Can this be done by support at the OS level if needed? We are planning to make the change in several weeks and need it to be quickly flipped to ensure users aren't impacted. Thank you!
curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ \ "authType":"ldap+radius", \ "groupId":<group ID> \ }' 'https://<pam server>/api.php/v1/userGroups.json'
{ "error": { "code": 400, "message": "Bad Request: Invalid value specified for `data.authType`. Expected one of (local,radius,tacacs+,saml,ldap)." } }
Privileged Access Manager, versions 4.0.0-4.0.3 and 4.1.0
A check for authentication types allowed in the Rest API call was missing the MFA authentication options.
A code change was made to resolve the issue, it is fixed as DE543170 in the 4.0.4 and 4.1.1 releases.
Resolved Issues in 4.0.4: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-5/release-information/resolved-issues-in-earlier-4-x-releases/Resolved-Issues-in-4-0-4.html
Resolved Issues in 4.1.1: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-5/release-information/resolved-issues-in-earlier-4-x-releases/Resolved-Issues-in-4-1-1.html