We recently experienced an issue where the local user (configadmin) got locked out due to incorrect passwords, and we needed to perform a password reset.
We can't perform a password reset of the configadmin user from Horizon, as it was created by LCM.
SMTP wasn't available on vIDM to get the password reset link.
Note: The configadmin user has two roles in vIDM (Readonly Admin and Super Admin), and the user is created in LCM with the Default Configuration Admin role.
The purpose of this article is to show how to reset the password for the configadmin user created by LCM during the deployment of vRA 8.
After further research I found the procedure below, with which I was able to reset the password, after which I was able to log in to vRA with the configadmin user.
First, we need to retrieve the value of the HZN cookie. To do this, follow the steps below:
Open any browser (Chrome/Mozilla) and authenticate to the Workspace ONE tenant with the local admin (admin) account
Note: Make sure you have the option to view the Administrator console
Open INSPECT mode in the browser by right-clicking on the page and selecting INSPECT from the context menu
Select APPLICATION in the inspection window
Under Cookies, select your Workspace ONE / VMware Identity Manager portal
Find HZN in the Name column and copy its value to your clipboard
Note: I used the Postman tool to execute the APIs; use the parameters below to issue the API calls
Step -1: Retrieve the ID of the user from the DB
API URL
POST https://[vidm-fqdn]/SAAS/jersey/manager/api/scim/Users/.search/
Authorization:
BEARER TOKEN
Paste the token copied above from the inspect window
Headers:
Key            Value
Accept         application/json
Content-Type   application/json
Body:
Select RAW and add the details below:
NOTE: The userName in the filter is the user whose password needs to be reset
{
"filter" : "userName eq \"configadmin\" and domain eq \"System Domain\""
}
Step -2: With the user ID returned by the previous API call, run the PATCH API to update the password for the user:
API URL
PATCH https://[vidm-fqdn]/SAAS/jersey/manager/api/scim/Users/248ffe02-9485-4584-bc41-f06d926db194
Authorization:
BEARER TOKEN
Paste the same token used in Step -1 (copied from the inspect window)
Headers:
Key            Value
Accept         application/json
Body:
Select RAW and add the details below:
NOTE: Type the new password that you wish to set for configadmin
{ "password": "Password@123" }
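
The two calls above as a script, for readers who prefer not to use Postman. This is an added example, not part of the original article; the VIDM_FQDN and HZN_TOKEN variable names, the "Resources" key in the search response (the standard SCIM list layout), and the Content-Type header on the PATCH are assumptions.

```python
import getpass
import json
import os
import urllib.request

SCIM_PATH = "/SAAS/jersey/manager/api/scim/Users"  # path from the article


def _request(method, url, token, body):
    # Content-Type on the PATCH is an assumption; the article lists only Accept there.
    headers = {"Authorization": f"Bearer {token}",
               "Accept": "application/json",
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method=method)


def build_search(fqdn, token, username, domain="System Domain"):
    """Step 1 request: look up the user by name and domain."""
    if '"' in username or "\\" in username:
        raise ValueError("username must not contain quotes or backslashes")
    body = {"filter": f'userName eq "{username}" and domain eq "{domain}"'}
    return _request("POST", f"https://{fqdn}{SCIM_PATH}/.search/", token, body)


def extract_user_id(response_text, username):
    """Return the id of exactly one matching user, else raise ValueError."""
    resources = json.loads(response_text).get("Resources", [])  # assumed list key
    ids = [r["id"] for r in resources if r.get("userName") == username]
    if len(ids) != 1:
        raise ValueError(f"expected 1 match for {username!r}, got {len(ids)}")
    return ids[0]


def build_patch(fqdn, token, user_id, new_password):
    """Step 2 request: set the new password on the user id from step 1."""
    return _request("PATCH", f"https://{fqdn}{SCIM_PATH}/{user_id}", token,
                    {"password": new_password})


if __name__ == "__main__":
    fqdn = os.environ["VIDM_FQDN"]   # hypothetical variable names
    token = os.environ["HZN_TOKEN"]  # HZN cookie value, kept out of the script itself
    with urllib.request.urlopen(build_search(fqdn, token, "configadmin")) as resp:
        user_id = extract_user_id(resp.read().decode(), "configadmin")
    new_password = getpass.getpass("New configadmin password: ")
    with urllib.request.urlopen(build_patch(fqdn, token, user_id, new_password)) as resp:
        print("PATCH status:", resp.status)
```

The script refuses to send the PATCH unless the search returns exactly one user, and it prompts for the new password instead of storing it in a file.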