Use a Postman collection for self-service MFA enrollment

This topic describes how to use a Postman collection to test the CyberArk Identity APIs related to self-service MFA enrollment. Postman is an application for testing HTTP APIs that enables you to monitor requests and responses.

Prerequisites

  1. Install Postman from https://www.postman.com/downloads/.

  2. Get access to a CyberArk Identity tenant.

  3. Create a user in CyberArk Identity.

  4. Create a role and add the users to the role.

  5. Create a policy and assign a role to that policy, ensuring that the corresponding MFA is enabled for the user.

Import the Postman collection

Get started with the Postman collection

Once the Postman collection is imported, make sure that the following variables are pre-filled to run the collection based on the functionality you want to try out. These variables are required for authentication profile management:

| Variable name | Description |
|---|---|
| tenant_url | The URL of the CyberArk Identity tenant (https://example.idaptive.app). The URL will be used for all API requests to CyberArk Identity. |
| username | The username of the CyberArk Identity directory user |
| password | The password of the CyberArk Identity directory user |
| sq_answer | The answer to the security question to be added |
| sq_question | The security question to be added |
| phone_pin | The phone PIN required to set up a phone call as MFA |
| oath_otp | The time-based one-time password to set up the OATH OTP |
| android_version | The version of the Android phone that needs to be enrolled |
| ios_version | The version of the iOS phone that needs to be enrolled |
| fido2_security_id | The credential ID generated by the FIDO2 authenticator |
| fido2_raw_id | The ArrayBuffer contained in the [[identifier]] internal slot |
| fido2_challenge | The challenge used for generating the newly created credential’s attestation object. You can generate this challenge using the /U2f/GetRegistrationChallenge API. |
| fido2_authenticator_type | The FIDO2 authenticator type, which can be either "SECURITYKEY" for a FIDO2 security key or "ONDEVICEAUTHENTICATOR" for an on-device authenticator |
| fido2_attestation_object | The attestation object that contains the authenticator data and attestation statement |
| fido2_client_data | This attribute, inherited from AuthenticatorResponse, contains the JSON-compatible serialization of client data |
| fido2_security_key_name | The name for the FIDO2 security key |
| new_password | The new password for the user |
| old_password | The old user password that needs to be changed |
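
The FIDO2 variables depend on each other: the client data must carry the same challenge that is stored in fido2_challenge, and a stale or mismatched value makes the enrollment request fail. The following Node.js check is an added example, not part of the CyberArk collection. It assumes that fido2_challenge and fido2_client_data hold base64url strings and that the credential was created on the tenant's own origin; the function name and sample values are constructed for illustration.

```javascript
// Added example (not CyberArk code). Assumption: fido2_challenge and
// fido2_client_data hold base64url strings, as a WebAuthn client emits them.
const AUTHENTICATOR_TYPES = ["SECURITYKEY", "ONDEVICEAUTHENTICATOR"];
const b64urlDecode = (s) =>
  Buffer.from(String(s).replace(/-/g, "+").replace(/_/g, "/"), "base64");
const b64urlEncode = (s) => Buffer.from(s).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
// Returns a list of problems; an empty list means the variables are consistent.
function checkFido2Variables(env) {
  const problems = [];
  let tenant = null;
  try {
    tenant = new URL(env.tenant_url);
    if (tenant.protocol !== "https:") problems.push("tenant_url is not https");
  } catch {
    problems.push("tenant_url is not a valid URL");
  }
  if (!AUTHENTICATOR_TYPES.includes(env.fido2_authenticator_type))
    problems.push("fido2_authenticator_type is not an allowed value");
  let clientData = null;
  try {
    clientData = JSON.parse(b64urlDecode(env.fido2_client_data || "").toString("utf8"));
  } catch { /* reported by the check below */ }
  if (clientData === null || typeof clientData !== "object") {
    problems.push("fido2_client_data does not decode to a JSON object");
    return problems;
  }
  if (clientData.type !== "webauthn.create") problems.push("client data type is not webauthn.create");
  // Compare decoded bytes so padding differences do not matter.
  const expected = b64urlDecode(env.fido2_challenge || "");
  const actual = b64urlDecode(clientData.challenge || "");
  if (expected.length === 0 || !expected.equals(actual)) {
    problems.push("client data challenge does not match fido2_challenge");
  }
  // Assumption: the credential was created on the tenant's own origin.
  if (tenant && clientData.origin !== tenant.origin) problems.push("client data origin does not match tenant_url");
  return problems;
}
// Constructed sample values, not from a real tenant or authenticator.
const sampleChallenge = b64urlEncode("constructed-challenge-0001");
const sampleEnv = {
  tenant_url: "https://example.idaptive.app",
  fido2_authenticator_type: "SECURITYKEY",
  fido2_challenge: sampleChallenge,
  fido2_client_data: b64urlEncode(JSON.stringify({
    type: "webauthn.create", challenge: sampleChallenge, origin: "https://example.idaptive.app" })),
};
```

Calling checkFido2Variables(sampleEnv) returns an empty list; each returned string names the variable to correct before running the FIDO2 requests.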