Why is my Crowd Rest API Connected App logging in as Invalid Password on one of my User Records?
|Knowledge Article Number||000206802|
|Description||There appears to be a connected app, "crwdRest" that is attempting to remotely log in to our org's salesforce instance with wrong credentials, which is locking out the User Account. This app is locking out an essential User. Can you please let me know what this app is and how to resolve this critical issue?|
|Resolution||In order to understand this behavior we first need to know a little about what Crowd Rest API.
According to the following Link: https://developer.atlassian.com/display/CROWDDEV/Using+the+Crowd+REST+APIs
"Crowd offers a set of REST APIs for use by applications connecting to Crowd.
Please note the main difference between Crowd APIs and the APIs of other applications like JIRA and Confluence: In Crowd, an application is the client of Crowd, whereas in JIRA/Confluence a user is the client. For example, when authenticating a request to a Crowd REST resource via basic authentication, the application name and password is used (and not a username and password). Keep this in mind when using the REST APIs."
Based on the above statement, the integration uses Application Name and Password to communicate from Crowd to your Salesforce Org. Also Crowd Rest API Apps are typically Managed Packages that utilize a specific "Package License Manager" license instead of your Salesforce License which are typically reserved for users.
If your App is unmanaged it may utilize one of your Salesforce licenses which can present a problem if you're already consuming all of your available licenses. The App may then leverage a actual user's license and will leverage the credentials for that user. If the passwords are not aligned or if the password is changed by the user in Salesforce and not corrected or updated in the App or integration it may attempt to login with the incorrect credentials repeatedly potentially locking out the user.
You may need to contact the developer of the App to have this issue resolved if you are unable to align the passwords. One last thing as a best practice the App would be better as a managed package that way you are not sharing licenses.