When using PUT /api.php/v1/userGroups.json it only allows us to change authentication type to LDAP, LOCAL, RSA or RADIUS. It does not allow LDAP+RSA or LDAP+RADIUS. We need a method to edit over 1000 user groups but get the error below. Can this be done by support at the OS level if needed? We are planning to make the change in several weeks and need it to be quickly flipped to ensure users aren't impacted. Thank you!
curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ \ "authType":"ldap+radius", \ "groupId":<group ID> \ }' 'https://<pam server>/api.php/v1/userGroups.json'
{ "error": { "code": 400, "message": "Bad Request: Invalid value specified for `data.authType`. Expected one of (local,radius,tacacs+,saml,ldap)." } }
Release : 4.1
Component : PRIVILEGED ACCESS MANAGEMENT
A check for authentication types allowed in the Rest API call was missing the MFA authentication options.
PAM Engineering coded a fix that will be included in the upcoming 4.1.1 maintenance release and other future releases.