This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bob111
Collaborator
‎2025-04-01 02:19 AM
Jump to solution

Changing a smartconsole user password with an API call

Hello all, I want to change a smartconsole user password via the API, in the docs there is set-user, but the users it refers to are the users in the Users object and the smartconsole users. Does anyone know if there is something else?
Thanks

0 Kudos
2 Solutions

Accepted Solutions
Daniel_Kuhl1
Employee Employee
Employee
‎2025-04-01 03:44 AM
In response to bob111
Jump to solution

Hi @bob111 ,

to be honest it's a little bit confusing, but the documentation says: "This command is available only after logging in to the System Data domain."

So you need to use the "login-to-domain" API call to gather the session-id even if you have a SMS:

curl --location 'https://<your-server>/web_api/login' \
--header 'Content-Type: application/json' \
--data '{
  "user" : "<your-username>",
  "password" : "<your-password>",
  "domain" : "System Data"
}'

...and then "set-administrator" to change the password:

curl --location 'https://<your-server>/web_api/set-administrator' \
--header 'Content-Type: application/json' \
--header 'X-chkp-sid: <your-session-id>' \
--data '{
  "name" : "<your-username>",
  "password" : "<new-password>"
}'

 That worked for me. Let us know if it worked for you.

View solution in original post

Daniel_Kuhl1
Employee Employee
Employee
‎2025-04-09 02:23 AM
In response to bob111
Jump to solution

Hey @bob111, I haven't tested it but it should be fine to publish the changes to the management using your session ID. No policy install needed, just publish the changes and test if you can login to the Smart Console using the new password.

View solution in original post

12 Replies
Amir_Senn
Employee
Employee
‎2025-04-01 02:28 AM
Jump to solution

Hi Bob,

Try using "set administrator"

You can follow reference using in this link: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-administrator~v2%20

 

Kind regards, Amir Senn
bob111
Collaborator
‎2025-04-01 02:41 AM
In response to Amir_Senn
Jump to solution

Thanks for the reply!
But this is a command executed in the cli no? Can it be done with an http request?
Also when I tried this command it gave me that it can only work on domains of type MDS. we do not use domains, can we still use the command?

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2025-04-01 02:49 AM
In response to bob111
Jump to solution

All Management API commands have several options:

mgmt_cli tool
Web Services
SmartConsole CLI
Gaia CLI

 

In this case:

https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/set-administrator~v2%20

 

It can also be used in MDS - there are examples at the bottom of the page

bob111
Collaborator
‎2025-04-01 03:00 AM
In response to Tal_Paz-Fridman
Jump to solution

I get the error: This command can work only on domains of type MDS. Cannot execute it in current domain (current domain type is Domain)

0 Kudos
Daniel_Kuhl1
Employee Employee
Employee
‎2025-04-01 03:44 AM
In response to bob111
Jump to solution

Hi @bob111 ,

to be honest it's a little bit confusing, but the documentation says: "This command is available only after logging in to the System Data domain."

So you need to use the "login-to-domain" API call to gather the session-id even if you have a SMS:

curl --location 'https://<your-server>/web_api/login' \
--header 'Content-Type: application/json' \
--data '{
  "user" : "<your-username>",
  "password" : "<your-password>",
  "domain" : "System Data"
}'

...and then "set-administrator" to change the password:

curl --location 'https://<your-server>/web_api/set-administrator' \
--header 'Content-Type: application/json' \
--header 'X-chkp-sid: <your-session-id>' \
--data '{
  "name" : "<your-username>",
  "password" : "<new-password>"
}'

 That worked for me. Let us know if it worked for you.

bob111
Collaborator
‎2025-04-01 04:21 AM
In response to Daniel_Kuhl1
Jump to solution

Thank you very much! It worked! I did not notice that you need to specify the domain on the login:) 

0 Kudos
bob111
Collaborator
‎2025-04-01 04:58 AM
In response to Daniel_Kuhl1
Jump to solution

I tried doing set-administrator without publishing by accident and I did not get an error but it locked the user I was trying to edit so I tried just publishing and it tells me that it cannot do it because other sessions are in progress and when I log in to the smartconsole I do not see any other sessions, do you why is that?  

0 Kudos
Daniel_Kuhl1
Employee Employee
Employee
‎2025-04-01 05:11 AM
In response to bob111
Jump to solution

I guess your API session expired without publishing the changes. Maybe you can revert the changes back and do it again with a publish. 🙂

0 Kudos
bob111
Collaborator
‎2025-04-09 01:44 AM
In response to Daniel_Kuhl1
Jump to solution

Is there to specify a domain when installing the policy after doing this change? because I did what you said and set-adminstrator command worked but when I try to publish and install the changes it says that it cannot find my policy, I assume this is because I am logged in to the System Data domain. How did you install the changes?
Thanks.

0 Kudos
Daniel_Kuhl1
Employee Employee
Employee
‎2025-04-09 02:23 AM
In response to bob111
Jump to solution

Hey @bob111, I haven't tested it but it should be fine to publish the changes to the management using your session ID. No policy install needed, just publish the changes and test if you can login to the Smart Console using the new password.

bob111
Collaborator
‎2025-04-09 04:20 AM
In response to Daniel_Kuhl1
Jump to solution

Thank you very much😅

0 Kudos
Daniel_Kuhl1
Employee Employee
Employee
‎2025-04-09 04:35 AM
In response to bob111
Jump to solution

You're welcome. This is the place to ask and get help. 😊

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events