Changing authentication at the origin
Learn about the process of changing authentication at the origin when migrating from service accounts to client credentials.
Changing the authentication at the origin is a critical step in migrating from service accounts to client credentials. This ensures that all instances where the service account is used are properly updated to use the new client credentials.
When transitioning from service accounts to client credentials, it’s essential to identify all locations where the old service account credentials are used. This includes scripts, applications, and integrations that rely on the service account for authentication. Every single place should be identified and migrated. Otherwise, any remaining automated processes may fail.
Changing the authentication
Here is an outline of the steps:
-
Identify all usage points:
Review your scripts, applications, and integrations to find where the service account is used.
Document all these points to ensure none are missed during the transition.
-
Replace with client credentials:
Update each identified usage point to use the new client credentials.
Ensure the new credentials are securely stored and managed.
-
Update approved authentication requests:
Ensure that the authentication requests are:
- Using the client_credentials grant
- Sending the credentials
client_id:client_secret
encoded with Base64 in the Basic Auth header.
Approved authentication request:
POST https://auth.reltio.com/oauth/token Authorization: Basic <BASE64(client_id:client_secret)> Content-Type: application/x-www-form-urlencoded Body: grant_type=client_credentials
Leveraging the Security Audit Log
ROLE_ADMIN_CUSTOMER
is required to perform these operations.
Sample Security Audit Log API request:
POST https://auth.reltio.com/audit/export
Authorization: Basic <BASE64(client_id:client_secret)>
Content-Type: text/plain
Body:
{
"customerId": "<YOUR_CUSTOMER_ID>",
"start": "2024-08-01T00:00:00Z",
"end": "2024-08-01T23:59:00Z",
"usernames": ["<YOUR_SERVICE_ACCOUNT>"],
"events": ["LOGIN"],
"eventTargetObjects": [],
"format": "JSON"
}
Sample Security Audit Log response:
[
{
"timestamp": "2024-08-01T23:58:58.956918Z",
"ipAddress": [
"51.5.220.13"
],
"userName": "<YOUR_SERVICE_ACCOUNT>",
"eventName": "LOGIN",
"eventObject": "",
"eventDetail": [
{
"grant_type": "password"
}
]
}
]
Need help?
If you encounter any issues or have questions during this process, please contact us, see topic Need some help?.