Enabling Account via SOAP changes MFA options



  • Official comment
    Vincent Drake

    Hi Laurie,

    Yes, this behavior does feel a bit strange.

    While translating the 'MultiFactorAuthenticationSettings' object, Cerberus checks whether 'requiredSSH' and 'requiredFTP' property values are present in the request. If they are not, their values are set to the 'MultiFactorAuthenticationSettings.required' value. I suspect it behaves this way to provide a "sensible default value" when the properties are missing from the request.

    You will have to set 'requiredSSHSpecified' and 'requiredFTPSpecified' to 'true' in the request. This will explicitly set 'requiredSSH' and 'requiredFTP' to 'false' as the request is translated.

    It may be that these "Specified" properties should have been set 'true' in the user object returned by 'getUserInformation'.

    I'll file an internal bug on this. Thanks for bringing it to our attention!


    -Vincent Drake



    Comment actions Permalink
  • Avatar
    Laurie Street

    This works and makes sense. Shame the the values need to be specified even if they aren't being touched.

    Also really appreciate the SOAP API doco that has been put up on this site, really has helped with automation and streamlining processes. Great work!

    Just as an aside - I am unable to set the 'lastlogin' property. No matter what I try I am unable to reset it. I am unsure if it's simply not changeable or if I am doing something wrong. I am using Get-Date to specify 'right now' for the lastlogin, and the LastLoginSpecified value is $True.



    Comment actions Permalink

Please sign in to leave a comment.