Use a Postman collection for self-service MFA enrollment
This topic describes how to use a Postman collection to test the CyberArk Identity APIs related to self-service MFA enrollment. Postman is an HTTP API testing application that lets you inspect requests and responses.
Prerequisites
- Install Postman from https://www.postman.com/downloads/.
- Get access to a CyberArk Identity tenant.
- Create a policy and assign a role to that policy, ensuring that the corresponding MFA is enabled for the user.
Import the Postman collection
Get started with the Postman collection
Once the Postman collection is imported, fill in the following variables before you run it. Which ones you need depends on the functionality you want to try out. These variables are required for authentication profile management:
Variable name | Description |
---|---|
tenant_url | The URL of the CyberArk Identity tenant (https://example.idaptive.app). The URL will be used for all API requests to CyberArk Identity. |
username | The username of the CyberArk Identity directory user |
password | The password of the CyberArk Identity directory user |
sq_answer | The answer to the security question to be added |
sq_question | The security question to be added |
phone_pin | The phone PIN required to set up a phone call as MFA |
oath_otp | The time-based one-time password to set up the OATH OTP |
android_version | The version of the Android phone that needs to be enrolled |
ios_version | The version of the iOS phone that needs to be enrolled |
fido2_security_id | The credential ID generated by the FIDO2 authenticator |
fido2_raw_id | The |
fido2_challenge | The challenge used for generating the newly created credential’s attestation object. You can generate this challenge using the /U2f/GetRegistrationChallenge API. |
fido2_authenticator_type | The FIDO2 authenticator type, which can be either "SECURITYKEY" for a FIDO2 security key or "ONDEVICEAUTHENTICATOR" for an on-device authenticator |
fido2_attestation_object | The attestation object that contains the authenticator data and attestation statement |
fido2_client_data | This attribute, inherited from AuthenticatorResponse, contains the JSON-compatible serialization of client data |
fido2_security_key_name | The name for the FIDO2 security key |
new_password | The new password for the user |
old_password | The old user password that needs to be changed |
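
The FIDO2 variables in the table have to agree with each other before an enrollment request can succeed. The following Node.js pre-flight check is an added example, not part of the CyberArk collection. The function names are hypothetical, and it assumes that `fido2_client_data` and `fido2_challenge` are base64url strings and that the WebAuthn origin in the client data is the tenant origin.

```javascript
// Added example: pre-flight check of the FIDO2-related collection variables.
// Assumption: fido2_client_data and fido2_challenge are base64url strings.
const ALLOWED_TYPES = ["SECURITYKEY", "ONDEVICEAUTHENTICATOR"]; // values listed in the table

// Normalize base64/base64url text so two encodings of the same bytes compare equal.
function b64urlNormalize(s) {
  return String(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Decode base64url clientDataJSON into an object; returns null if it is not valid JSON.
function decodeClientData(b64) {
  try {
    return JSON.parse(Buffer.from(b64urlNormalize(b64), "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Returns a list of problems; an empty list means the variables are consistent.
function checkFido2Vars(v) {
  const problems = [];
  let tenant = null;
  try { tenant = new URL(v.tenant_url); } catch { problems.push("tenant_url is not a URL"); }
  if (tenant && tenant.protocol !== "https:") problems.push("tenant_url is not https");
  if (!ALLOWED_TYPES.includes(v.fido2_authenticator_type))
    problems.push("fido2_authenticator_type is not an allowed value");
  const cd = decodeClientData(v.fido2_client_data || "");
  if (!cd) { problems.push("fido2_client_data does not decode to JSON"); return problems; }
  if (cd.type !== "webauthn.create") problems.push("client data type is not webauthn.create");
  if (b64urlNormalize(cd.challenge) !== b64urlNormalize(v.fido2_challenge))
    problems.push("client data challenge differs from fido2_challenge");
  if (tenant && cd.origin !== tenant.origin) problems.push("client data origin differs from tenant_url");
  return problems;
}

// Constructed sample values (not real credentials or a real tenant response).
const sampleClientData = Buffer.from(JSON.stringify({
  type: "webauthn.create",
  challenge: "Y29uc3RydWN0ZWQtY2hhbGxlbmdl",
  origin: "https://example.idaptive.app",
})).toString("base64url");
const sampleVars = {
  tenant_url: "https://example.idaptive.app",
  fido2_authenticator_type: "SECURITYKEY",
  fido2_challenge: "Y29uc3RydWN0ZWQtY2hhbGxlbmdl",
  fido2_client_data: sampleClientData,
};
console.log(checkFido2Vars(sampleVars));
```

A mismatch reported here usually means the attestation was produced for a different challenge or origin than the one the collection is about to send.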