Getting Started with Secure Access Cloud (SAC) Management API
This blog post introduces the SAC API v2, which you can use to automate your business flows. Documentation can be found here.
All examples below are performed on the tenant called ‘acme.luminatesec.com’.
Prerequisites: you must have administrator privileges on your SAC tenant and be comfortable with curl.
Starting with Authentication
Authentication is done using OAuth2 with the Bearer authentication scheme.
First, you need to generate an API client using the SAC Admin portal (usually at admin.acme.luminatesec.com/#/settings/api-clients) and make sure to assign the ‘Allow access to Luminate management API’ permission.
Then copy the ‘Client Id’ and the ‘Client Secret’ so they can be used for OAuth authentication:
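One way to make that exchange with curl, written as an added example rather than code from the original post. It assumes the token endpoint accepts the standard OAuth2 client-credentials request (RFC 6749, section 4.4) with HTTP Basic client authentication; `SAC_TOKEN_URL` is a placeholder to fill in from the SAC API documentation, and the function and environment variable names are hypothetical.

```shell
# Added example, not from the original post. SAC_TOKEN_URL is a placeholder:
# set it to the token endpoint given in the SAC API documentation.

# Escape \ and " so a value is safe inside a double-quoted curl config string.
cfg_escape() {
  printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Build a curl config for the client-credentials grant.
# Feeding it to `curl --config -` keeps the Client Secret out of curl's argv,
# so it does not show up in `ps` output.
token_request_config() {  # args: client_id client_secret token_url
  printf 'url = "%s"\n' "$(cfg_escape "$3")"
  printf 'user = "%s:%s"\n' "$(cfg_escape "$1")" "$(cfg_escape "$2")"
  printf 'data = "grant_type=client_credentials"\n'
  printf 'proto = "=https"\nfail\nsilent\nshow-error\n'  # HTTPS only, fail on HTTP errors
}

# Read the JSON response on stdin and print access_token; non-zero exit if absent.
# Minimal sed extraction to stay dependency-free; use jq where it is available.
extract_access_token() {
  tok=$(tr -d '\n' |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$tok" ] && printf '%s\n' "$tok"
}

# Exchange the Client Id and Client Secret for a bearer token.
sac_get_token() {  # args: client_id client_secret token_url
  token_request_config "$1" "$2" "$3" | curl --config - | extract_access_token
}

# Call a management API URL with the Bearer scheme; the token also travels via stdin.
sac_api_get() {  # args: token url
  {
    printf 'header = "Authorization: Bearer %s"\n' "$(cfg_escape "$1")"
    printf 'url = "%s"\n' "$(cfg_escape "$2")"
    printf 'proto = "=https"\nfail\nsilent\nshow-error\n'
  } | curl --config -
}

# Usage, with the credentials exported in the environment beforehand:
#   TOKEN=$(sac_get_token "$SAC_CLIENT_ID" "$SAC_CLIENT_SECRET" "$SAC_TOKEN_URL")
#   sac_api_get "$TOKEN" "<management API URL from the documentation>"
```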
Assigning directory entities to access your application
SAC allows three types of entities (user, group and API client) to be assigned to an application’s authorization policy to allow access to the application.
Users and groups usually belong to an Identity Provider (such as Okta or Azure AD) which you can integrate with SAC (although you can also use SAC local accounts), while API clients are created locally, within your SAC tenant (similar to local accounts).
Local users and groups are defined within the ‘local’ IdP.