Look at this article: https://support.air-watch.com/articles/360003873834 Seems starting with console 9.3+, if you are using an AW basic account for API calls in any tie-in component (i.e. SEG V2, ACC, VIDM, Content Gateway), when the basic password expires, it will now start blocking api calls.
This is a big change and a huge headache. Their solution...use an AD account with a non-expiring password.
1. See this article: https://support.workspaceone.com/articles/360003873834
2. We are using AD accounts for most logins.
We have an API admin local account that integrates with our wireless controllers and the password expired unexpectedly. The information stopped syncing which caused our system to start flagging all devices as BYOD causing issues. After updating the password I also made sure my email address was entered for the local account so I would receive notifications that the password was going to expire. I would also rather have the local admin account never expire their password too. We are now on 1902 and there is no setting for admin password expiration that I can find. Our network guys really don't like adding generic accounts to AD but we will need to do this if that local admin password keeps expiring!
SO, which one is recommended
1. System account with a restricted REST API role, so that password change is synced automatically.
2. Basic account with a password reset policy.
Looking for pros and cons of each to understand this.