
l8y4y (l8y4y) asked a question.
We have a request to initiate self service account unlock using API calls. We are trying to identify the lowest set of permissions needed in security to issue POST api/v1/authn/recovery/unlock to initiate the self service unlock process flow. This works with an API token with Super Admin access. We get an insufficient rights error if the API token has only Users / Unlock Users permission. Has anyone tried something similar to this and had success with rights lower than Super Admin?

Hi! Great question. So yes, the API token inherits the permission of the admin that generated it. In your case, it seems that you are not having success unlocking user accounts with a token created with what seems to be a custom Admin Role? I have noticed that there can be some interesting permissions needed to have custom admin roles work as expected. You could also use the Help Desk role as well; that permission also has the ability to unlock accounts, and it is pre-built and significantly scoped down from super admin. Please let me know if you have any further questions or concerns. Thanks!